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MODULAR TRANSACTION TERMINAL 



HELD QF THE lNVF,NTIO>i 
The present invention relates generally to a transaction terminal apparatus and 
method. More particularly, the present invention relates to a modular transactional terminal 
such as a modular point-of-sale terminal. 



5 



BACKGROVJND OF~THE~TN VFNTION1 

Terminals such as point-of-sale terminals have many applications. One of the most 
common is in retail transactions. Frequently upgrades to the software and/or hardware are 
made. Moreover, merchants have different functional configuration needs. Various 
10 approaches have been used to provide for upgrades to the software/hardware and 

reconfiguration of terminals. However, this typically is a time consuming process and often 
requires the purchase of new and different hardware and software. 

There is a need for a modular point-of-sale terminal which readily allows upgrades to 
be made and the terminal to be readily reconfigured with different functional capabilities. 
15 The present invention solves these problems and other problems associated with existing 
point-of-sale terminals. 

SUMMARY OF THF INVENTION 
The present invention relates to a modular terminal apparatus and method. 
20 One embodiment of the invention relates to a terminal apparatus, comprising: a core 

unit including; 

a processor and associated memory, 
. ^.'«B«2sa«keyp3d for inputting data, and 

a display operatively interconnected to the processor for 
25 displaying data; 

a communications module attachable to a bottom surface of the core unit; and 
the core unit and the communications module being interconnected by an electrical 
bus enabling control of the communications module by the processor of the core unit, the 
core unit being interchangeable with various communications modules. 
30 In one embodiment, the communication module includes a modem apparatus, the 

; .-.T' modem apparatu^e^^^ - — *' 

In yet another embodiment, the communication module includes a network interface 
communication board enabling a plurality of the core units and their associated 
communication modules to be interconnected in a local area network arrangement. In one 
35 embodiment, at least one of the plurality of communication modules interconnected in the 
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local area network arrangement include a modem apparatus, the modem apparatus enabling 
communication with a remote host. 

In one embodiment, the communication module includes a removable integral printer 
whereby information can be printed, the integral printer being electrically interconnected to 
5 the processor of the core unit by the electrical bus. 

In one embodiment, the communication module includes an electrical connection for 
interconnection to an electronic cash register. 

In one embodiment, the communication module is electrically interconnected to a 
battery pack. 

10 In still one embodiment, the core unit includes a magnetic stripe reader and in yet 

another embodiment the core unit includes a smart card reader. 

In one embodiment, the core unit attaches a PIN pad module for entry of a user's PIN 
during a transaction. 

In yet another embodiment, the core unit includes a first electrical bus connector 
15 projecting from its bottom surface and the PINpad and communication module includes a 
second electrical bus connector projecting from its top surface, the first and second electrical 
bus connectors mechanically and electrically connecting to one another to provide an 
electrical bus from the processor of the core unit to electrical components in the 
communication module, the core unit and communication module being attached to one 
20 another by removable fasteners. 

Yet another embodiment of the present invention relates to a POS modular terminal 
apparatus, comprising: 

a core unit including; 

a processor and associated memory, 
.*a*«23j*^ ^Mnwp^^r^ disposed on a top surface of the core unit for entry of a usert < Pfrf^~ — 
during a transaction, 

a display displaying information, 

a magstripe reader for reading an encoded magstripe on a card, the magstripe 
reader being disposed proximate one side of the core unit, 
30 a smart card reader for reading smart cards, the smart card reader being 

disposed proximate a front end of the terminal, and 

a bottom surface including an electrical bus connector projecting therefrom; 



communication module including a top surface having an electrical bus 
35 connector projecting therefrom and electrically interconnectable to the electrical bus 
connector of the core unit so as to create an electrical bus between the core unit and the 
communication module, the communication module including communication control 
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circuitry for interfacing with the processor of the core unit by way of the electrical bus, the 
communication control circuitry being electrically connected to electrical components in the 
communication module so as to allow control thereover by the processor of the core unit, the 
communication module being interchangeably connected to the bottom surface of the core 
5 unit by fasteners whereby the core unit may be interchangeably connected to different 
communication modules, the communication module providing power to the core unit, the 
communication module including electrical connectors for interconnection to an electronic 

cash register. ; 

In one embodiment time division multiplexing (TDM) communication protocol is 
10 used to communicate between the processor of the core unit and the communication circuitry 
of the communication module. 

Another embodiment of the present invention relates to a terminal apparatus, 
comprising: 

a processor and associated memory; 
15 a keypad, operatively coupled to the processor, for inputting data to the associated 

memory; 

a display, operatively coupled to the processor, for displaying data; 
a communications module; and 

a time division multiplex (TDM) bus operatively coupled between the processor and 
20 communications module to enable control of the communications module by the processor, 
the TDM bus having at least two different data transfer rate channels multiplexed together in 
a frame. 

Another embodiment of the present invention relates to a terminal apparatus, 
comprising: 

a**- la&w^i^^u*- a display for displaying data; . . .,*^&&3i&*-~ - . - 

a keypad for inputting data; and 

a processor and associated memory, operatively coupled to the display and keypad, 
for processing application program functions in accordance with an operating system display 
driver which allows a first application program to exclusively control displayed elements 
30 within a first portion of the display and a second application program to exclusively control 
displayed elements within a second portion of the display. 

These and various other advantages and features of novelty which characterize the 
gpl^g^nyenticntare pointed out with paff&ul&i^ 

hereof. However, for a better understanding of the invention, its advantages, and the objects 
35 obtained by its use, reference should be made to the accompanying drawings and descriptive 
matter, which form a further part hereof, and in which there is illustrated and described a 
preferred embodiment of the invention. 
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BRIEF DESCRIPTION OF THE DRAWTNfiS 
In the drawings wherein corresponding reference numerals generally indicate 
corresponding parts throughout the several views; 

Figure 1 is an exploded perspective view in of a preferred embodiment of a 
5 modular point-of-sale terminal apparatus in accordance with the principles of the present 
invention, the embodiment shown including a core unit; 

Figure 2 is an exploded view of a display assembly incorporated within the 

core unit of Figure 1; 

Figure 3 is an exploded view of a magnetic stripe reader incorporated within 
] 0 the core unit of Figure 1 ; 

Figure 4 is an exploded view of a core unit and a communications module 
configured to interface with the core unit, the core unit and the communications module are 
shown separate from one another; 

Figure 5 is an exploded view showing the mechanical and electrical interface 
IS between the core unit and the communications module of Figure 4 prior to interconnection, 
the bottom of the core unit is shown while the top of the communications module is shown; 

Figure 6 is a bottom view of the communications module of Figure 4; 
Figure 7 is a perspective view of a printer module and an assembled terminal 
comprising a the core unit and communications module of Figure 4, the printer is shown 
20 withdrawn from the terminal; 

Figure 8 is an exploded view illustrating the inner components of the 
communications module of Figure 4; 

Figure 9 is an exploded view of the core unit and a PIN pad module 
configured to interface with the core unit; 
it* 25 Figure 10 is an exploded .v,iew*ofcthe«P!N -pad module : ofiFigure 9; 

Figures 1 1 A-l 1G illustrate various environments suitable for using a 
modular transaction terminal constructed in accordance with the principles of the present 
invention; 

Figure 12 is a back view of the communications module showing the various 

30 serial ports and power-port; - 

Figure 13 is a block diagram of the interconnection of a main printed circuit 
board to one or more communication boards; 

shown in Figure 13; 

35 Figure 15 is a more detailed block diagram of one of the communication 

boards shown in Figure 13; 
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o 

Figure 1 6 is a diagram showing one implementation of a TDM bus having 
three tiers of bandwidth; and 

Figure 17 is a diagram showing representative interactions between an 
application program and an operating system for the modular transaction terminal in 
5 accordance with the principles of the present invention. 

DETAIL ED DESCRIPTION OF PREFERRED FMRonf M P xi Tffl 

Referring now to the figures, there is illustrated a preferred embodiment of a modular 

transaction terminal/apparatus in accordance with the principles of the present invention. For 
10 the purposes of illustration, the modular terminal is described throughout the specification in 
a point-of-sale environment and is often referred to as a point-of sale terminal. However, it 
will be appreciated that the present invention is not limited to the point-of-sale environment 
and can be utilized to conduct a variety of alternative electronic transactions within a wide 
range of fields. 

15 As shown in Figures 1-10, the present invention relates generally to a modular point- 

of-sale system having both smart card and magnetic stripe capabilities. The system includes 
a core unit that is capable of interfacing with a variety of modular components. Preferably, 
the core unit does not have any connectivity capabilities other than connecting to the modular 
components. Exemplary modular components include printer modules, local area network 

20 (LAN), modem modules, workstation communication modules and PIN pad modules. The 
modular nature of the system allows the system to be configured and customized to meet the 
needs of any user. 

Figure 1 shows an exploded view of an exemplary core unit 30 constructed in 
accordance with the principles of the present invention. Generally, the core unit 30 can be 

25 divided into three su^|§§^jjes y^Vhjf^^S^^^ cover assembly 32, a core printed 
circuit board (PCB) assembly 34 and a core bottom cover assembly 36. 

As shown in Figure I , the core top cover assembly 32 includes a top cover 38 
preferably constructed of a plastic material. The top cover 38 includes a rectangular screen 
opening positioned above a plurality of key openings. A transparent display window 40 is 

30 H?.9HP te j ov * r the ^een opening of the top coyer 3.8 while a key pad 42 is mounted within 
the top cover 38. The key pad 42 is positioned such that keys of the key pad 42 project 
through the key openings of the top cover 38. The core top cover assembly 32 also includes 
r-^^ac^ TTOverlay 44 typically vxt^&Kr-*** 

includes defining key functions and other related user information. 

35 As shown in Figures I and 2, the core PCB assembly 34 includes a core PCB 46 

having suitable bus structure, memory, and processor which control the operation of the core 
unit 30. The core PCB 46 includes contacts for receiving input data from the keys of the key 
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pad 42. The PCB 46 further includes an interface connector 48, such as a male 20 PIN 
electrical connector, for allowing the core unit 30 to interface with an exterior modular 
component. Additionally, the core PCB interconnects with a speaker (not shown) for 
generating an audio output. 
5 The core PCB assembly 34 also includes a light pipe 50 affixed to the top side of the 

printed circuit board 46. The light pipe SO is preferably aligned upon the PCB 46 by a 
plurality of tabs 52 that snap within a plurality of corresponding holes 54 in the PCB 46. The 

| jght-pipe-50-and the PCB 46 are securely connected by a pair of screws 56. 

It will be appreciated that the light pipe 50 of the core PCB assembly 34 defines a 

10 plurality of openings 57 for allowing the keys of the key pad 42 to reciprocally engage the 
key contacts of PCB 46. The light pipe 50 also defines a rectangular liquid crystal display 
(LCD) cavity 58 positioned above the openings 57. A glass LCD 60 is mounted in the cavity 
58. A pair of zebra connectors 62 are mounted on opposite sides of the cavity 58 between the 
light pipe 50 and the LCD 60. A plastic bezel 64 fits over the LCD 60. The bezel 64 and the 

15 light pipe 50 are preferably interconnected via a snap fit connection such that the LCD 60 
and the zebra strip connectors 62 are securely retained in the cavity 58. 

The core bottom cover assembly 36 includes a bottom cover 66 preferably 
constructed of plastic and configured to mate with the top cover 38 of the core top cover 
assembly 32. A swipe style magnetic stripe reader (MSR) 68 is mounted within the bottom 

20 cover 66. The MSR 68 includes a MSR track 70 and a MSR head assembly 72. The MSR 
track 70 preferably extends longitudinally along the length of the bottom cover 66 and 
preferably is positioned adjacent one side of the bottom cover 66. The track 70 is preferably 
constructed of metal and functions to protect the casing from excessive wear generated by 
the repeated swiping of magnetic cards through the MSR 68. As shown in Figure 1 , the track 

25 ^^Ojisspositbned-adjacenttoja right side of the bottom cover 66. -^assassca?^ 
The MSR head assembly 72 is preferably mounted within the bottom cover 66 by a bracket 
member 74 (shown in Figures 1 and 3). It is preferred for the head assembly 72 to be 
mounted above the track 70 at a location offset from a inner side wall 76 of the bottom 
casing 66. In use, a magnetic card is slid along the track 70 and between the head assembly 

30 72 and the side wall 76 thereby enabling the head assembly 72 to read the magnetic strip of 
the magnetic card. 

The core bottom cover assembly 36 also includes a smart card reader (SCR) 

66. It will be appi^^m^m^^^^^^m 
assembly is configured to read smart cards, also known as integrated circuit cards. The SCR 
35 assembly 80 includes a SCR PCB 82 snapped within the bottom cover 66. The MSR head 
assembly 72 is preferably connected to the SCR PCB 82 via connector 84 while the SCR 
PCB 82 is preferably connected to the core PCB 48 via a flex ribbon cable 86. 
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The bottom cover assembly 36 can also optionally include a bottom door 88 for 
accessing an optional memory PCB 90 and an optional security PCB 92. The optional 
memory and security PCB's are preferably connected to the core PCB 48 via zebra strip 
connectors 94. The bottom door 88 and zebra strips 94 allow the PCB's 90 and 92 to be 
5 readily interchanged with alternate memory and security PCB's. In this manner, the level of 
memory and security provided by the core unit 30 can be tailored to a specific users need 
without requiring replacement of the core PCB 48. 

To-assem^ly-the-core-unit-30 r the-top-and-bottom-covers-38-and-66-are : 

interconnected by screws 93 such that the core PCB assembly 34 is captured between the 

10 covers 38 and 66. As assembled, the interface connector 48 of the PCB 46 projects through 
an opening in the bottom cover 66 such that the core unit can be readily interconnected with 
a variety of modular accessories. Also, the top and bottom covers 38 and 66 cooperate to 
define a longitudinal slot 96 for receiving magnetic cards into the MSR 68 and a transverse 
slot 98 for receiving smart cards into the SCR assembly 80. In the assembled embodiment 

15 shown Figure 4, the longitudinal slot 96 extends along the right side of the core unit 30 while 
the transverse slot 98 is formed at the end of the unit 30 opposite from the LCD 60. It will 
also be appreciated that the core unit 30 can be equipped with a privacy shield for preventing 
third parties from viewing the keypad 42 and display 60 while the core unit 30 is in use. 



20 core unit 30. Hie communications module 1 00 and the core unit 30 together provide a 
transaction terminal such as a point-of-sale terminal. The standalone terminal and LAN 
workstation will be approximately 4.75" in width, 8" in length, and 3.75" in height With an 
integrated printer attached, the length changes to about 1 1". The overall unit is lightweight 
for ease of portability. 



-^ssessu**- ^ 25-Ac.^^^^/^The communications module 1 00 preferably includes an interface connectot^K^2y * «c#*bps&w* 



such as a female 20 PIN connector, suitable for electrically interconnecting with the interface 
connector 48 of the core unit 30. The interface connector 102 is preferably located within a 
recessed upper face of the module 100. The communications module 100 and the core unit 
30 are mechanically interconnected by inserting the core unit 30 within the recessed upper 
30 face of the communications module 100 such that the core unit 30 becomes nested in the 
module 100. As the core unit 30 is inserted into the communications module 100, the 
interface connector 48 of the core unit 30 electrically interconnects with the interface 



m^P^^m^^^^Sm^^Bi of di^mmunications motiufcff^^ 



the module 100 and the core unit 30. Screws 104 are preferably used to securely retain the 
35 core unit 30 on the communications module 100. 

The housing of the communications module 100 preferably defines an open ended 
slot 106 sized to receive a printer module. The slot 106 is formed between a top portion of 



Figures 4-7 illustrate a communications module 100 configured to interface with the 
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15 



20 



25 



the housing and the bottom of the core unit 30. A printer connector 1 10 is located at an 
interior end of the slot 106 for providing an electric connection between the communications 
module 100 and the printer module. When the printer module is not in use, the slot 106 is 
preferably enclosed by a plug member 1 1 2 that snaps within the slot 106 as shown in Figure 
4. 

An exemplary printer module 108 is shown in Figure 7. The printer module 108 
preferably includes a casing 109 containing a printer mechanism and a printer PCB. The 
-printer-module-is-also equipped-with-aprinterroll cover l H- 

As shown in Figures 5 and 6, the communications module 100 is preferably equipped 
with a power plug receptacle 1 13 for connecting the module 100 to power source. The power 
source may be a conventional wall plug for in-line uses or a battery pack for off-line uses. 
The communications module 100 also includes a plurality of connectors such as multi-PIN 
serial ports 1 14 for allowing the communications module 100 to be readily connected to units 
such as electronic cash registers, magnetic check readers, external printers, PIN pads, bar 
code readers, cash drawers and other terminals. The communications module 100 also 
includes phone line connectors 1 16, such as phone jacks, for providing phone line access to 
an internal modem of the module 1 00 and also for connecting the module 1 00 to an external 
phone. The bottom of the module housing also defines a rectangular recess 1 17 sized to 
receive smart cards. A slot 1 19 at one end of the recess 1 1 7 allows smart cards to be inserted 
into an optional secondary smart card reader mounted within the module 100. 

in a preferred embodiment shown in Figure 12, the power plug receptacle 1 13 is an 
alternating current (AC) power jack. The 3-prong power jack 113 interfaces with 12 Volt 
(V) AC power supply with the pinouts shown in Table 1. 



Table 1 



* * S*r*Se* 



m 


Nam* 


Function 




AC 


12 VAC (nominal). 


2 


AC 


12 VAC (nominal). 


3 


EGND 


Earth ground. 



30 



The the serial ports 1 14 include an RS485 port 180, COM1J 82 and COM2 184 ports 
as well as an optional COM3 port 1 86 shown in Figure 12. 

The RS485 port 1 80 supports such as LAN or IBM electronic cash register (ECR) 



Mm-- ^connection. TTic PCS*T@^1i^ 

IBM ECR. This port has a 7 PIN mini-din connector including the following cables: LAN 
terminated, LAN unterminated, IBM RS485 and others. The LAN cable ends in a RJ1 1 
connector (at LAN connection) and is the same length as the other LAN cables. It is 
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recommended that LAN terminated cables be used for workstations placed on each end of the 
LAN, in order to reduce signal levels on the line. Unterminated cables can be used on all 
workstations in between. The IBM ECR cable is the same cable as the PIN pad module 
cable, but has a mini DIN connector instead of the RJ1 1 connector the terminal end. All 
communication through the RS485 port is restricted to half-duplex. It does not provide 
power other than a low current network bias supply attached to the internal +5 volt supply. 
The pinouts for this RS485 port are shown in Table 2. 



TIBET 



PIN 


Name 


Function 


1 


+5V 


5 Volts power. 


2 


GND 


Signal ground. 


3 


R6ND 


Reference signal ground via 100 ohms. 


4 


RT+ 


RS 485+ 


5 


RT- 


RS485- 


6 




LAN termination. | 


7 




LAN termination. 


Shell 


EGND 


Earth ground. f 



10 The COM 1 port 1 82 is the RS232 port that does not supply power. This will support 

devices that have their own power source, including an external printer, an RS232 ECR, or 
check reader. This port has an 8 PIN mini-din connector. The cables might include cables 
for interconnection to various devices such as; DB9 download/debugger cable; VeriFone 
P250 Printer; Citizen Printer; Silent Partner Printer, 1VI Check Reader; Magtek Check 

IS Reader; Checkmate Check Reader. However, it can be used for alternate attachments such as 
ECRs or check readers. Full-duplex communication with transmit hardware flow control is 
available through this interface. The pinout for COM 1 port 1 82 is shown in Table 3. 

Table 3 



PIN 


Name 


Function 


1 


GND 


Signal ground. 


2 


PAPER 


Printer paper alarm; a high level on this PIN 
indicates that printer paper supply is low or out. 


3 


-RTS . 


Output.to device ind icating that Jigsaw has 
selected the RS232 interface and is ready 


4 


CTS 


Input toJigsaw indicating that the peripheral device 
is ready to receive data. 






iJije^j^MMlfrmt^ai&^^ • ***** 


6 


TxD 


Transmitted data out to a peripheral. 


7 




No connection. 


8 


Test 


No connection. 


Shell 


EGND J 


Earth ground. 



20 
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The COM2 port is the RS232 port that does supply power. This will support a PIN 
pad connection, including the SPP, 290, 290E, and POS Terminal PJN pad. These require a 
powered port up to 150 mAmps, unregulated 7-14 volts. This port has a 6 PIN mini-din 
connector. The cables might include cables for interconnection to various devices such as: 
5 DB9 download/debugger cable; IV1 Check Reader; Magtek Check Reader; Checkmate Check 
Reader. Full-duplex communication with transmit hardware flow control is not available. 
The pinout for COM2 port 1 84 is shown in Table 4. 



Table 4 



pm 


Name 


Function 


i 


PWR 


Unregulated (7 - 14) VDC, 150 milliamps max. 


2 


GND 


Signal ground. 


3 


RxD 


Receive data from a peripheral. 


4 


TxD 


Transmit data to a peripheral. 


5 


GND 


Signal ground. 


6 




No connection. 


Shell 


EGND 


Earth ground. 



The COM3 port 1 86 is an optional RS232 port similar to COM] port 182. It may be 
used, like COM1 port 1 82, for interfacing to devices such as a check reader or bar code 
wand. A pinout for COM3 port 186 is shown in Table 5. 

15 lahki 



PIN 


Name 


Function 


1 


DCD 


Control line input from a peripheral. 


2 


RxD 


Serial data input from a peripheral. 




TxD ,<ha. 


--Serial data output to a peripheral. 


4 


DTR 


Control line output to a peripheral. 


5 


GND 


Signal ground. 


6 


DSR 


Control line input from a peripheral. 


7 


RTS 


Control line output to a peripheral. 


8 


CTS 


Control line input from a peripheral. 


Shell 


EGND 


Earth ground. 



Figure 8 is an exploded view illustrating the internal components of the 
•^bc^sgi^^ housing of the rnoduIeH^Q^asdeW^ 

a top cover 118 positioned opposite from a bottom cover 120. The top and bottom covers 
20 118 and 120 preferable mate together and are interconnected via screws 122. Positioned 
between the top and bottom covers 1 18 and 120 are an input/output PCB 124, a 
communications PCB 126, an optional modem PCB 128, and an optional secondary SCR 
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30 



assembly 1 30. It will be appreciated that the assembled terminal can function as a wall 
mounted unit or a hand held unit. Additionally, the base of the communications module 1 30 
preferably includes rubber feet for supporting the terminal on a structure such as a 
countertop. 

The input/output PCB 124 includes a bus structure and other components suitable for 
interfacing with the serial ports 1 14 and power plug 1 13. The input/output PCB 124 is 
mounted at a predetermined position within the housing such that the ports 1 14 align with 
openings 132 defined by the bottom of the housing. It will be appreciated that the bottom of 
the housing includes a break-out panel 133 positioned adjacent to the openings 132. By 
punching out the break-out panel 133 and replacing the input/output PCB 124 with a new 
input/output PCB having four serial ports ( 1 80, 1 82, 1 84, 1 86), the communications 
capabilities of the module 100 can be enhanced as required by a user. 

The communications PCB 126 includes bus structure and other components suitable 
for interfacing with the printer connector 110, the interface connector 102, the input/output 
PCB 124, the modem PCB 128, and the optional secondary SCR assembly 130. It is 
preferred for the communications PCB 126 to be mounted on the top cover 118 and oriented 
such that the interface connector 102 extends substantially vertically through an opening 134 
defined by the top cover 1 1 8, and the printer connector 1 1 0 extends substantially horizontally 
through an opening 136 defined by the top cover 1 18. The input/output PCB 124 and the 
communications PCB 126 are preferably interconnected via ribbon cable 138. 

The modem PCB 128 includes bus structure and other hardware suitable for 
interfacing with the phone line connectors 1 16. The modem PCB 128 is mounted in the 
bottom cover 120 such that the phone line connectors 116 align with a pair of openings 140 
defined by the bottom 120 of the housing. The modem PCB 128 is connected to the 
communicat|oj?s.5CB 126 via ribbon cable 142. The ribbon cable connection a!!ows*thc^»*^ 
modem PCB 128 to readily be replaced with an alternative modem board. For example, a 
user may require an upgraded modem board or may need a modem compatible with one of 
several different phone systems. 

The SCR assembly 130 is preferably connected to the communications PCB 126 via 
ribbon cable 144. The SCR assembly 130 is preferably-mounted adjacent the slot 1 19 in the 
bottom cover 120 such that when a smart card is snapped within the receptacle 1 1 7 and 
pushed into the slot 119, the card is read by the SCR assembly 130. The SCR assembly 130 



embodiment, the SCR assembly 130 is configured to accept both a smart card and a plurality 
of security access modules (SAM). If a user does not require the secondary SCR assembly 
130 or the SCR assembly 130 is not intended to be used, the recess 1 17 is preferably covered 
by bottom panel 146. 




Srtfccan have a variety^ofacmfip^ 
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Figures 9 and 10 illustrate a PIN pad module 148 configured to interface with the 
core unit 30. The PIN pad module 148 includes a housing cover 149 having an open top side 
1 50 configured to receive the core unit 30 such that the bottom of the core unit 30 mates or 
nests within the top of the housing cover 149. The PIN pad module 148 includes a PIN pad 
5 PCB 1 52 including an interface connector 154 configured to connect with the interface 
connector 48 of the core unit 30 when the core unit 30 is nested in the housing cover 149. 
Screws 1 5 1 are used to securely connect the core unit 30 and the PIN pad module 148 
together. 

The personal identification number (PIN) pads PCB 1 52 also includes a externa] 
10 connector 156 for providing an interface between the personal identification number PCB 
152 and an remote unit such as an electronic cash register, terminal or other communication 
device. Preferably, the connection between the external connector 156 and the remote unit is 
provided via a coiled cord. It will be appreciated that the PIN pad module 148 functions to 
convert the core unit 30 into a PIN pad for transferring data to the remote unit and for 
1 5 receiving data from the remote unit. 

It will be appreciated that the PIN pad resulting from the combination of the core 
unit 30 and the PIN pad module 148 has a widened head portion that accommodates the LCD 
60 and a narrow body portion sized to allow the device to be manually held. The corners of 
the device are preferably rounded and the housing is preferably constructed of a durable fade 
20 resistant plastic material. Exemplary dimensions of one particular PIN pad embodiment will 
be approximately 3.45" in width, 8" in length, and 1.75" in height. The PIN pad can be wall 
mounted, stand mounted, or placed on a counter. 

The PIN pad module 148 allows the POS terminal to operate as a PIN pad. It 
generally obtains power from a host device such as a terminal, electronic cash register 
sehH^ -^w?wn*2***w(ECR), or personal computer (PC). In one embodiment, this modOie^ill'have Iwo^ifferHnP*^^*^ 

case options, one for bonded units and one without bonding. The embodiment of the PIN 
pad module shown has an RJ 11 modular connector so that different cables can be attached. 
This allows a customer, such as a bank, to mix and match cables as needed to connect to 
different host devices. This also allows easy replacement of cables if they break. The cable 
30 fits securely to the-PIN pad and does not cause a security risk-(one cannot probe through the 
port to access the secure processor). The RJ 1 1 connector is easy to connect without special 
tools, but cannot be taken out by hand (a screwdriver or similar tool is required to pop out). 
^^^^^^^^heemff^cbed from theTM^Tn^^ 

The PIN Pad Module to ECR cables includes cables for interfacing with the various 
35 makes of ECRs such as: IBM 4680; NCR 2127 (includes power pack); DB9 RS232 (includes 
power pack); and DB25 RS232 (includes power pack). In one embodiment, these cables 
have a 3" straight section, an 18 n coiled section (expandable to 10 feet), and a 5 foot straight 
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section. The two RS232 cables and NCR cable will also support a power pack at the 
PC/ECR connector end. The IBM cable does not need a power connector. 

PIN Pad to LAN Cables include a cable for connection to a LAN with power pack 
and connection to a LAN with DB9 RS232 and power pack. 

A "Y" cable is needed for connecting the PIN pads together on a LAN. The additional 
RS232 connection allows the PIN pad to also connect to an ECR or PC. 

OVER-V-IE-W^ 



The overall features of the various components and features of the POS terminal will 
10 now be described. It will be appreciated that the POS terminal may take on varying 

configurations and that the following are but a few of those possible configurations and are 
not to be construed as limitations upon the scope of the invention. 

Keypad 

15 In the preferred embodiment, the keypad 42 is preferably made up of a 19-key 

silicone rubber matte with carbon pills which, when pressed, close etched contacts on the 
main logic board 46. Twelve keys comprise a telephone style numeric pad. The numeric pad 
consists of keys 0 through 9, plus a Clear and Enter key. One key has a dual function: 
normal key entry and wake-up initiated from power down mode. This is accomplished with 
20 a dual carbon pill and separate circuit board etching. Four additional function keys are 
available for initiating application specific functions. Three soft keys are located directly 
under the display; these keys correspond to software defined commands on the display. 

In the preferred embodiment, only the numeric and telephone style alpha characters 
are printed on the keys. The key matte will have four different colors. Besides the operator 
_ 25 keys, the keypad will have an extra, carbca con tac Uwh i ch is uscd'in.coniunGtion with a 

security tamper circuit. When the case is assembled, this contact is permanently activated. If 
a security option board is installed within the core unit 30, this contact becomes one of the 
switches in the series circuit that it uses to detect case opening. 

30 .- Display _ _ _ ... . 

The display 60 is preferably a bit mapped liquid crystal display (LCD) panel. Font 
design and size as well as graphical images have an open format as long as they fit within the 
ss^r: 52Sx32*pjx£^ 

Nematic (STN) transflective crystalline structure. A backlight is ltghtpiped from an LED 
35 source on the main logic board 46 and dispersed along the underside of the display. Contrast 
adjustments are made through the use of the main logic board's processor. 
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The LCD 60 is preferably controlled by an LCD controller chip. This chip 
incorporates the display memory, scan timing functions and segment drivers. It connects to 
the application specific integrated circuit (ASIC) of the main PCB 46 through an interface 
bus. Within the LCD controller chip is memory that is accessed through the interface bus 
5 and used by the controller to refresh the image on the LCD. Each bit in this memory 
corresponds to one pixel in the LCD. The controller can be written and read through the 
interface bus. 

Each character position within the display is capable of displaying the standard 

ASCII character set. Other application defined character sets, not mentioned above, arc 
10 downloadable into the operating system. The display offers bit-mapped graphics for 

international languages and is backlit for low lighting conditions. The display is flush rather 
than tilted, since it will be used in a variety of environments, such as wall mounted. The 
display is yellow/green in color with sufficient character contrast so prompts are easy to read. 

15 Main PCB 

The main PCB 46 interconnection through a time division multiplex (TDM)bus 300 
and byte bus 302 to one or more communication boards 124, 126, 128, and 130 is further 
detailed in a block diagram shown in FIG. 13. 

The TDM bus is a communication protocol assigning bandwidth for moving 
20 information on signal lines. The bandwidth is allocated and fixed at specific levels for the 
entire time the TDM is in operation. The advantages of this bus 300 include: scalability to 
different amounts and types of I/O under a common platform, a reduced number of PINs 
being needed for interconnection to other components in the system. The TDM bus uses 
multiple tiers of bandwidth allocation to allocate a high bandwidth for high speed signals and 
25 less bandwidth for ^ lOWJspeed-sigr.ala.-Cri^pafttcuter implementation of this TDM bus is a 
three tier system which is shown in FIG. 16. 

The byte-bus 302 is a transaction based communication scheme which allows for 
expandability of system communication and other capabilities. It allows expansion of 
processor connected peripherals through 2 signal lines, one of which is shared with the TDM 
30 bus 300.- Some ofrhe advantages of this bus 302 are that multiple peripherals can be directly 
interfaced through only 2 signals lines to the processor which reduces the number of 
interconnections needed in the system and reduces overall electromagnetic interference 
^^f^ 1 ?^ lines). Another^* 5 *^ 

advantage is that additional peripherals can be connected to the Com PCB without disturbing 
35 the core design through modifications to the software drivers for transactions on the byte bus 
302. 
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An ASIC (Application Specific Integrated Chip) 304, along with the processor, is the 
heart of the main PCB 46, as shown in FIGs 14 and 15. Virtually all communication between 
functional circuit blocks occurs through the ASIC. The ASIC is made up of the following 
major functional blocks shown Table 8. 

Table 8 



1 Functional Block 


Description ™ 


U Reset and Power 
Status 


Generates power fault interrupts, appropriate circuit 
activation is based on voltage levels determined by the 




communication module. 


Display Jntcrface 


Display controller interface, contrast and backlight 
control. 


Keypad/Security 
CPUI/F 


Provides direct parallel I/O interface between the 
keyboard and display and an optional security processor. 


UARTs 


Six UARTs are provided with independent baud rate 
generators. Optional circuit boards are required to access 
all UARTs. 


CPU Bus 
Iinterface Unit 
(BIU) 


Interfaces the CPU bus into the internal ASIC bus. 8 
Responsible for converting word wide CPU operations 1 
into byte wide operations on the ASIC bus. I 


MMU/Memory 
Protection 


Controls mapping of the CPU's 1 MB logical memory jj 
space into a 12MB physical memory space. Also 
provides programmable write protection on a 4K page 
basis. 


Memory BIU 


Responsible for interfacing the ASIC internal bus to the 
external memory resources. Includes programmable chip 
selects and memory bus timing. 


Interrupt 
Controller 


Manages masking and grouping of internal ASIC 
interrupt sources and drives the group interrupts out to 
the CPU interrupt controller. 


8 Beeper Interface 


Provides a speaker on/off control. 


B Magnetic Stripe 
0 Interface 


Translates analog signals from two separate read 
channels using a digital signal processor (DSP). The 
analog signal is analyzed for peaks. Logical data is 
^fraftslated from the peaks and transferred into the system. 


Smart Card 
Reader Interface 


Specialized interface to a smart card reader, providing 
for clocking and interface between one of the standard 
ASIC UARTs and the smart card. In some situations, the 
dual card reader option may share a common UART. 


TDM Channel 


Time Division Multiplexor Channel. Its function is to 
time slice the I/O connections between boards and 
serially transfer the information they contain. This is a j 
dual channel circuit used to pass information between the 
Core, Modem, Com and Printer boards. | 


Byte Bus 


Bi-directional serial data channel between the Com and B 


K T«fPorf * n ** a * g * 


Manufacturing/service test access port based on IEEE 
P 11 49.1 standard (JTAG). 


I Core to Com 
I Interface 


This multi-pin interface connects the Core module and 
the Com module. It includes the TDM lines, power, 
ground, unregulated voltage, high speed UART, 
NMl/Reset and Wake-up line. Byte Bus, and Beeper. I 
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Virtually all communication between functional circuit blocks occurs through the ASIC, 
fteset Power Status 

5 The following three signals are driven by the Comm module to direct system 

operations: 

Hard reset (HRST) 

PowerfaiMnterrupt-(PFI) 

Battery status (BSTAT) 
10 HRST - This signal is activated whenever the unregulated power is below a level 

necessary to produce +5 volts. When power is applied, HRST will 
remain active for a limited time after the +5 volts have stabilized. 
PF1 - This signal activates 5ms prior to HRST. This signal can be polled by the 
Core CPU. 

15 BSTAT - This signal is only present on battery operated products. It is passed 

to the Core unit through the TDM port. 

Panel Interface 

The panel interface provides the controls for all of the user interface peripherals. This 
20 includes the display, keypad, and audio circuitry. The ASIC 304 provides an external 

peripheral data bus to these devices as well and the security processor board. Selection of a 
device on this bus is done through the registers in the ASIC. All device selecting and strobing 
is done manually by the processor using programmed I/O. When securing the product, the 
optional security board can take over the data bus. Once active, all peripheral circuits are 
- 25^^inaGcessibIe to the 80C186. In this mode, the security processor controls uiertnfFpfoce ^ — - 
functions. Communications with the 80C186 is limited to a bi-directional byte port in the 
ASIC. 

Display 

30 ■ — ■ The display circuitry includes the access controls to the external-graphics display 
controller. Internal to the ASIC is a register used to set the contrast voltage applied to the 
display. Varying the settings of this register will proportionally adjust the intensity of the 
^^^Iff^nf age. JVWotlTer register :in the K§i<^^SW^^H^^^l^^^^^ 
display. The settings provided by this register can turn the LED backlite on, off, or to 

35 incremental settings inbetween. 
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Audio Control 

The audio control within the ASIC activates an external beeper in the communication 
module. The beeper is a fixed frequency device. 

5 Keypad 

The keypad circuit scans a matrix of 19 keys through a set of row and column 
connections on the PCB. A depressed key can be detected by activating one of the three 
ASIC row drivers and reading back which of the B columns had gone high. The columns are 
returned on the peripheral data bus. By decoding the row and column positions, the processor 
10 can determine which key is down. Since the data bus is used by other panel circuitry, 

scanning the keyboard can only be done with those devices off. Having another device active 
while reading the keypad will not damage the keypad or other device; however, it will 
corrupt the returned keypad information. Because the panel bus has a small amount of 
capacitance, the ASIC scan outputs should not be changed and re-sampled faster that 10ns. 

15 

Security PCBs 

The main security board provides access control to the user interface peripherals 
(keypad, display, etc.). There are two different boards that can be added to the system for 
security. Each security board is installed through a door on the bottom side of the core 
20 module. This board is attached to the core through Zebra strip contacts. These contacts and 
the board are held in place by the door. Connected through these contacts and through special 
connections on the user keypad matte and on the security board itself is a series circuit whose 
purpose is to detect the opening of the case. 



25 ability to control these peripherals and commur.icatew^thahe-SCG ! 86. ~fcdso?perferms~~ 

tamper detection and manufacturing testing. 

The second security PCB is a "non-intelligent" board. It provides tamper detection 

and manufacturing test, but it does not control the peripherals (the peripherals remain under 

the control of the 80C186). Additionally, a small serial memory is incorporated into the non- 
30 intelligent PCB to store secured information. This memory is powered by the battery backed 

security circuit. When processor detects a tamper condition, the OS will erase necessary 

memeory within the 80C1 86 memory space. 



handle data exchanges between the two processors and read/write operations to the serial 
35 memory device. 



The first board, already referred to, includes a microprocessor. This board has the 
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Low Level Security Bftarri 

When opened, this tamper detection circuitry causes the security board to erase all 
information it had in storage in a small battery backed memory device it maintains and 
presents a tamper signal to the ASIC. 

5 

High Level Security Board 

As previously described, the high level security board controls peripherals and 

communicates-directly-with-the-processor. Also, it stores keys and performs encryption/ 
decryption. 

10 To better manage the power consumed by the terminal, this board also allows the 

DS5002 to be programmed to turn itself on. Awakening the DS5002 is done by the 80C186 
processor. 

The DS5002 and 80C1 86 share a bi-directional parallel port through which all 
communications take place. This port includes a set of hardware handshaking signals that 
1 5 respond to the read and write operations done by the processors. 

When opened, this tamper detection circuitry causes the security board to erase all 
information it had in storage in DSS002 and presents a tamper signal to the ASIC. 

Transferring Data to One of the Panel Peripherals 
20 The panel data bus consists of a bi-directional 8 bit path which can be controlled by 

either the 80C1 86 or the DS5002. Transactions on the bus are executed manually by 
activating the controls necessary to select, enable or strobe panel peripheral devices. All 
devices on the panel bus have the ability to be both written and read. 



25 PANEL Control Register •^ummu^-^ - a^^b^sfw^ 

The panel control register provides low level controls to peripherals attached to the 
panel bus. A number of these controls are disabled when the ASIC is in the secured mode. 
The settings held by this register can be read back by the 80CI86. The values in the register 
are described in Table 9. 



30 



Table 9 



KEYH ENB (Bit 0) 

1 WBWhen 

35 enabled, any high signal on the panel bus will result in a keyhit 

interrupt. This interrupt is useful when the panel is in protected 
mode and the DS5002 is shutoflf. While in this mode, the interface 
can be set with all of the keyscan active. If a key is depressed, this 
interrupt is generated. Setting this bit will enable the interrupt. A 

40 hardware reset clears this bit. 
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IBF ENB (Bit I) 

The IBF enable is used to enable an interrupt generated by 
the DS5002 when it reads data from the panel data register. 
When set this interrupt source is enabled. A hardware reset 
5 clears this bit. When the DS5002 is not present, this bit 

should remain cleared to prevent unwanted interrupts from 
occurring. 
OBF ENB (Bit 2) 

The OBF enables is used to enable the interrupt generated by the 
10 DS5002 writing to the panel data port. When set this interrupt source 
is enabled. A hardware reset clears this bit. When the DS5002 is not 
present,_this-bit-should-remain.cleared-to-prevent-un-wanted 



interrupts from occurring. 
DATA ENB (Bit 3) 

15 This bit is used to enable the panel data register onto the panel bus. 

When set, the data register is driven out. 
5K RST(Bit 4) 

This bit controls the signal level driven by the ASIC's 5KRST pin. 
When set, the DS5002 is held in a reset state. Hardware reset will set 
20 this bit. 

TCAP (Bit 5) 

This bit is used to reset an internal ASIC latch that captures tamper 
circuit transitions generated during product test. During normal 
operations, this control will not be used since a tamper condition 

25 will remain latched until the backup battery is removed. 

P MODE (Bit 8) 

This bit specifies the operational mode of the ASIC IBF and OBF 
pins. When this bit is high, and the ASIC is in its non-secured mode, 
the OBF and IBF pins are driven by the ASIC. The OBF and IBF 

30 pins' polarity are determined by bits 1 1 and 12 in this register. 

When P MODE is low, the ASIC OBF and IBF pins are inputs. In 
this mode, these pins can read and enabled as interrupt sources. 
5002 CS (Bit 9) 

This bit controls the signal level driven by the ASIC's 5KCS pin, 
35 which is used to select the DS5002. When this bit is high the 

DS5002 is selected. A hardware reset will cleared this bit. 
DISPCS (Bit 10) 

-sfcs^^ driven by the ASIC's DISCS pin. 

This pin is attached to the display controller on the core board. 
40 When this bit is high the controller is selected. This control is used 

for both reading and writing the controller registers. 
PAN WR (Bit 11) 

This bit controls the signal level driven by the ASIC's PANWR pin. 

Setting this bit will write data into the DS5002 RPC port or it will 
45 . .enable read data or strobe write dataTrom the d i splay controller. 

When accessing the display controller, the PAN RD bit determines 

cycle, reading or writing data. This bit acts as a strobe only. It not 

functionally related to the type of operation. 

' $f**»~*a„-**m* -^^i^^p;^^^g^^ig55lt4evel driven by the ASIC's PANRD pin. 

This pin is used for reading data from the DS5002 and defining the 
type of cycle being issued to the display controller. When set, and 
5002 CS bit is set (non-secured mode), the DS5002 will output its 
data to the panel bus. When accessing the display controller, this bit 
55 should be set for controller writes and cleared for reads. A hardware 

reset will clear this bit. 
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PAN ADD (Bit 13) 

This bit controls the signal level driven by the ASIC's PANADD 

pin. This pin is used to select one of the multiple registers in either 

the display controller or the DS5002. Prior to activating either the 
5 PAN RD or PAN WR bits, this bit should be set. While in secured 

mode, this bit is inoperative. A hardware reset will clear this bit. 
IBFOUT (Bit 14) 

This bit controls the signal level driven by of the ASIC's IBF pin. 

The IBF OUT pin is only an output when the P MODE bit is set and 
10 the ASIC is in a non-secured state. A hardware reset will clear this 

bit. 

QBFQU-T-(Bit-l-5)- 



This bit controls the signal level driven by the ASIC's OBF pin. 
When the P MODE bit is set, and the ASIC is in non- secured mode, 
15 this pin becomes an output whose level is controlled by this bit. The 

PIN driver is an open collector style output, an external pull-up is 
used to establish the high state logic level. A hardware reset will 
clear this port. 
Panel Data Path 

20 The panel data register is used hold data to be written into a 

peripheral on the panel bus. Since the mode of the panel data bus 
can change, the selectable peripherals can vary as follows. When the 
ASIC is un-secured, this data can be issued to either the display 
controller, MISC registers or the DS5002. When the ASIC is 

25 secured, the panel data register is attached directly to the DSS002 

not to the other peripherals. Hie panel data register must be enabled 
on the panel bus using the DATA ENB bit in the panel control 
register. 

30 MISC Control Register 

This register is used to select features associated with either the display or keypad 
operation. As noted below, this register has four levels to it. Selecting a particular level is 
done by specifying it using data bits 6 and 7 in the 16 bit port data word. One half of this 
register is affected by the security setting on the ASIC. If security is enabled, only the upper 
~eight bitS^Wi^egiSter can be read-none of them can be written to. When not secureafa^ 
bits are both read and write-able 

Embedded addressing provides a method of expanding the registers available 
through the panel bus without adding significant decoding requirement to both processors. 
The register levels and bit assignments are decoded as follows in Table 10. 



40 



Table 10 



Name Function Bit Sittings 

MISC'O " Keyscan and audio enable 0 0 

45 MISC1 Unused 0 1 

MISC 2 LCD contrast 10 

MISC 3 Backlite and readback pointer 1 1 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 Best Ava j| ab | e Copy 



PCT/US97/15514 



21 

KEY SCAN (Bit 0-2) (Misc 0) 

These three bits provide the column selects for the 19 key keypad 
matrix. Each bit ties to one of three ASIC PINs. Each PIN, when 
enabled by setting its SCAN bit high, drives a high level to the 
5 column of keys it is attached to. When low, the ASIC outputs tri- 

states. When a key is depressed, it will return a high level to its 
appropriate panel data bus bit. Reading the panel data port will 
return the depressed key location. 
KEYHENB (Bit 3) (Misc 0) 
10 This bit enables key detection by the 80C1 86 when the panel 

interface is secured. Typically, this feature is only enabled by the 

DS5002-but^inG^the-dual-processor-mode-shares-these-ports, this 

bit is visible to the 80C186 when not secured. 
AUDON (Bit 4) (Misc 0) 
15 The bit controls the activation of the beeper. When set, the ASIC 

will output a high level on the BEEPER PIN. This PIN is attached to 
a drive transistor on the communication board whose function is to 
activate the self-oscillating beeper. 
CONT [0..5] (Misc 2) 
20 These bits set the viewing angle or contrast for the LCD. 

KEYPTR[0..1)(Misc3) 

These bits select which keyscan register is read when the PANRD3 
register is accessed. 

PTR 1 0 Register 
25 0 0 Key scan and misc controls 

0 I Audio volume 

1 0 Contrast setting 
1 I Not used 

BK LITE[2..4J (Misc 3) 
30 These bits select the mode of operation for the backlite circuit. 

SDI 

This status bit indicates the security state of the panel interface. 
When high, security has been breached. 

PROG 

35 This status bit indicates panel buses mode of operation. 

OBF IN 

This status bit reflects the state of the OBF handshaking line .. ^.^ 

w- . * associated with the data port between the 80CW»h^ 

When high, the DS5002 has data available for the 80CI 86. When 
40 the DSS002 is not installed, this bit provides the return data path for 

information from the serial memory device on the low security 
board. 

IBF1N 

This status bit reflects the state of the IBF handshaking line 

45 associated with the data port between the 80C 1 86 and the DS5002. 

When high, the 80C 1 86 has written data to the port. 

TCAP 

This status bit reflects the state of the tamper capture register. This 

mss^a^z^S^^^^ az&n* register is ^^hj^.estm^ . v* 

v - " level security board or the DS5002 security board, lliisregis^s^^^^ 

cleared by the TCAP ENB bit in the panel control register. 
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22 
UARTs 

This section describes the six Universal Asynchronous Receiver/Transmitter 
(UART) channels within the ASIC. Each channel includes a transmit shifter, receive shifter, 
control registers, status register and baud rate generator. Data is transferred between RX and 
TX shifting functions independently. This gives each channel full and half duplex 
capabilities. All of the UARTs connect to the 80C186. Data exchanges can be managed 
with either interrupts or polled operations. Additionally, one UART can be programmed to 
transfer-data using the 80C 1 86's direct memory access (DMA). 

Each UART is able to detect framing status, parity, and buffer overflow conditions 
on the data it has received. Status is collected on a per character basis. For these channels, 
reading the holding register ( 1 6-bit wide) will clear the status flags. 

UARTs 0,3-5 have transmit flow control which, when enabled and CTS inactive, 
will prevent the transmit shifter from loading data held in the TX holding register. 
Characters being shifted will not be affected by CTS inactivating. Disabling the transmitter 
15 will not truncate a character. The RTS enable in the control register is a general purpose 
control-it has no effect on the shifting circuitry. 

UARTs (0,3,4,5) have a noise filter on the receive serial line. This 3 of 5 vote filter 
will prevent serial line noise glitches from starting a false character start bit. 

The DMA function allows direct transfer of data between a holding register of 
20 UART 0 and memory. The DMA can only be attached to one shifter (80C186 

programmable, either Tx or Rx buffer). This restricts DMA operations to half duplex 
exchanges only. DMA can support 8-bit and 16-bit wide transfers on the receive and 
transmit. If 8 bit transfers are executed on the receive, the per character status information is 
lost. 

w - 25 The DMA circuit has two compare ? fegiWrs , Vvhich can b'eHSed to enable or disable 

data transfers based on serial data received. Only compare register 0 can adjust for frame 
size. With data compare enabled, the 8-bit values loaded into the register are compared 
against the data transferred into the Rx holding register. The DMA state machine looks for a 
match in the holding register only when the protocol bit is set. Once a match is found, all 
30 characters are transferred until another character with the protocol bit is found; at that point, 
character transfers are disabled and a DMA completion interrupt is generated. The DMA 
control bits are found in the upper byte of the secondary control register.^ 
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In the preferred embodiment, the UARTs are assigned the following channels: 



UARTO 


Tailgate/DCN 


(DMA) Direct connect to Comm and PIN Pad core 






board 


UART1 


SCR Core 


ASIC direct connection 


UART2 


SCR Comm 


TDM connect to Comm board 


UART3 


Modem/AUX 


TDM connect to Comm board 


UART4 


Pin Pad 


TDM connect to Comm and PIN Pad board 


UARTS 


Printer 


TDM connect to Comm board 



10 

Tlie_follo_wjng_dalaxhannds-canJ>^^ 
UART I Core SCR 
UART 2 Comm SCR 
UART 3 Modem/AUX 
15 UART 4 PIN Pad 

UART 5 Printer 

The TDM output register, when selected to drive these lines, can place the associated 
UART output PIN in either a high or low state. 

20 

Fractional Divider / Baud Rate Generation 

Three fractional dividers are supplied to create baud clocks for the Standard and 
Smart Card baud rates. The first fractional divider (0) is used to generate the base clock for 
the standard baud rates. Its output is brought into a divider to supply all the standard baud 

25 rates. The fractional divider should be programmed for the highest baud rate necessary. 
This configuration will allow all standard baud rates. The second fractional divider (1 ) is 
used to generate the baud rates for the core Smart Card UART (1). The third fractional 
divider (2) isusedjo,genera^ module Smart Card UART (2). 

The outputs are used as the x 1 6 clock for the UARTs. 

30 The fractional divider has two registers: an 8-bit schedule and an 1 1-bit 

divider/fraction register. The divider value sets period of the output signal. The fraction 
value is the denominator of desired fraction. The values placed in the divider/fraction 
register are oneJess_than.the„value.intended. .The schedule value indicates the numerator of 
the fraction. 

35 At each Terminal Count (TC) of the fraction reg, the output waveform toggles and 

-^**==3agji^^ reglSTer? The bit pattern inHfe^ ^ g^ 83 ^^ 

schedule register should be evenly dispersed. 
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The resulting output frequency follows the following formula: 

Fin = Input Frequency = 12MHz 
Mn = Fraction Denominator 



Md = Divider 

Sched = Sum of the Schedule bits 

10 The Fraction/Divider register bit definitions are: 
7: - 0: Divider Register 

This is the whole number part of the divisor. Its value is one 
less than the intended value. 
10: - 8: Fraction Register 
IS The value placed in this register is one less than the 

denominator of the fraction part of the divisor. 

The Schedule register bit definitions 
7: * 0: Schedule Register 
20 The sum of set bits in this register is equal to the numerator 

of the fraction part of the divisor. The number of bits used 
by the scheduler circuit is equal to the denominator of the 
fraction. The bits are used from the least significant bit 

* - (LSB) on up. The set bits should be evenly spaced in the " oSs2aaS2 ^^ 

25 used bit locations. For example, To generate standard baud 

rates, an output of 1 1 5.2K • 1 6 = 1 843200Hz. 1 2Mhz / 
1 843200 = 6.51. Therefore, Md = 6 (divisor reg = 6 - 1 = 5d 
(5h)). If 1/2 is used as the fraction, then Mn = 2 (fraction 
reg = (denominator^)^ F= 1)7 TKe schedule register 
30 needs 1 one-bit in the lower 2 locations (Sched = 1), 

therefore, the schedule reg = xxxxxxO 1 (or xxxxxx 1 0)^ The 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 Best Available Copy 



PCT/US97/15514 



25 

(12M*2)/(2*6+l)= 1846154 
with (1843200/1846154) * 100 = 99.84% accuracy (.16% 
error). 
Common Values: 

5 FD0, Standard Baud Rates: div/frac = 1 05h, sched = 01 h 

(.16% error) 

FD1, Smart Card Baud Rate: div/frac = 505h, sched = IFh 
(.13% error) 

10 CPU B1U 

The CPU B1U is a circuit used to connect the 80C1 86 to its memory and I/O. The 
data path components translate the 16-bit processor bus to the 8-bit memories. This 
translation circuit includes a prefetch queue that fetches the contents of the next memory 
location when a code fetch bus cycle is executed. Since the memory interface is 8 bits, this 
15 queue provides close to 16 bit performance. I/O devices within the ASIC should only be 
accessed as 16 bit registers unless otherwise specified. 

There are three different levels of performance delivered by the 80C1 86 processor. 
These levels are controlled by a combination of the processors internal wait state circuitry 
and the ASIC. The first level is established by the processors internal wait state generator. 
20 After reset, this circuit forces each bus cycle to have a minimum of 3 wait states. 
Performance will remain at this level until the application changes the setting of the 
processor chip select registers. Once disabled, the ASIC will control the length of the bus 
cycles. Table 1 1 listed below indicates the different cycle lengths for various 80C1 86 bus 
executions. Before enabling the ASIC mapper and que circuits, the processor chip select 
i* 1^^.- 25 registers must be disabled from influencing bus cycle-lengths - . 

Tabic 11 

I/O 8 bits 0 wait states 

30 I/O 1 6 bits 0 wait states 

Memory read 8 bits 0 wait states 

(odd or even) 

Memory read 1 6 bits 2 wait states 

Code fetch 8 bits 0 wait states 

35 Code fetch 1 6 bit queue match 0 wait states 

Code fetch 16 bit queue mismatch 2 wait states 



It will take two cycles for the queue to fill after it has been enabled. Eight bit code 
fetches force the queue to purge. Refilling takes two cycles before a match can be made. 
40 Once the queue is enabled it cannot be disabled. DMA bus cycles operate under the same 
constraints as the listed CPU cycles. 
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MMU/Protection Se\etf<\ 

The memory management unit (MMU) provides programmable mapping of the 
CPU's I Megabyte (MB) logical address space to a 12MB physical address space. The MMU 
5 is built around a programmable lookup table that is indexed by the upper 4 address lines 
from the processor. The contents of this table create the extended address and provide 
selections for the six devices connected to the eight bit memory bus. The extended 
addressing-provides up to 2MB of linear space for each of the six devices. From the 4 
processor address lines, 16 table entries arc created. Each entry provides 64K bytes of access 

10 to the device it selects and the extended address selects one of 32 - 64K segments in that 
device. The mapper has two of these programmable tables. They are selected through the 
map control register. From power up the MMU is disabled. While disabled, its outputs are 
forced to select only the boot FLASH device and provide access to its upper 64K segment. 
From power-up the mapper tables are undefined, prior to enabling the MMU, these tables 

15 must be initialized. 

The MMU also provides protection tables that give the operating system the ability 
to lock areas of memory from write operations. These tables are also indexed by the upper 4 
processor address lines. Like the mapping tables, there are two protection tables. The one 
select bit in the map control register selects both map and protection tables. Each bit in a 

20 table entry corresponds to one of 16-4k byte segments found in the indexed 64K space. 

When a protected area is written to, the MMU will generate a non-maskable interrupt (NMI) 
interrupt and block the write cycle from occurring. DMA operations are not affected by the 
protection circuit. These bus cycles can write into protected space without experiencing NMI 
interrupts or the failure to store information. 

25 Table initialization takes^rtace^through :r;dependent4/©'ports to the mapper and 

protection circuits. A table pointer is provided to index the 32 locations in each circuit. This 
pointer can be set to any one of the 32 table entries. Each write or read to the associated port 
will cause the pointer to advance. The next port access will be to the advanced location. 
Since this pointer is shared, the mapper and protection tables must be initialized 

30 independently. lLwould.be fatal if an access to one table port was followed by an access to 
the other. The resulting condition could produce incorrect table information to be written. 
When the corrupt table is used, the processor will lose its execution sequence. 
~'"^* g;iS M events of this " 

register are detailed in Table 12. 
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Tsble 12 

MMU ENB (Bit 0) 

This bit is used to enable the memory management unit. Once set, 
5 the chip selects, write protection and extended address lines will 

activate as instructed by the contents of the MMU tables. 
PTR LD (Bit I) 

This-bit-is -used to preset the initialization table pointer. A low to 

high transition on this bit will load the pointer with the PTR bits 
10 from this register. Setting the PTR bits and transitioning this bit can 

occur in the same output bus cycle. A hardware reset will clear this 
bit. 

MAP SEL (Bit 2) 

This bit selects which of the two map and protection tables is used. 
1 5 Low selects PTR entries 0- 1 5, high, select 16-31. The selected table 

is taken after this output cycle finishes. A hardware reset clears this 
bit. 

QUEUE ENB (Bit 3) 

This bit enables the prefetch queue circuit. A hardware reset clears 
20 this bit. Once the Queue is enabled, only a hardware reset will turn it 

off. 

PTR 0-4 (Bits 8-12) 

These bits specify the preset value to be loaded into the table 
pointer. See PTR LD bit description in this register. 
25 -i&sgs&sssszs?^ «*-~ — — >»*t3s'ssz»^^ > »^'^-»««'* 

Programmable Interrupt Controller (PIP 

The PIC is used to manage the interrupts presented to the 80C1 86. These sources 
include both maskable and non-maskable functions. The maskable interrupts are combined 
and passed through the PIC and to the appropriate IRQ input on the processor. Mask controls 
30 for these interrupts are located in the control registers for those particular functions. All non- 
maskable interrupts are maskable through the PIC's control register. The PIC does not 
provide any interrupt prioritization. Statusing both the maskable and non-maskable sources 
^^-ca^ registers provide BftthiS^ 

non-latched signaling for the NMI sources and, non-latched signaling for the non-maskable 
35 sources. Clearing a latched NMI source requires applying the appropriate mask. Keeping an 
NMI mask active will block that interrupts source. 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 



Best Available Copy 



PCT/US97/15514 



28 

Interrupts generated by the maskable outputs connect to the 80C186 IRQO-3 lines. 
These signals will require the 80CI86 interrupt controller be placed in level mode interrupt 
operation. To clear the interrupt line, the program must satisfy the source making the 
request. Refer to the appropriate section to determine how this is done. Besides the external 
5 interrupts from the ASIC, the 80C1 86 has the following internal interrupt sources to 
maintain. 



Timer 0~]~2~ These sources sfiarfc a common interrupt controllerchannel but they vector 
to a unique handler location. The three timers share a common priority and 
10 mask. Each timer has an enable bit in its control register. In our design, these 

timers are for general purpose use. 
DMA 0, 1 - The DMA controller can be programmed to interrupt the processor upon 
transfer count depletion. Each DMA circuit has its own interrupt channel 
with separate vector and mask bit. Within the DMA control register is an 
15 interrupt enable bit. The DMA terminal count interrupt is whenever a single 

byte is transferred by the Tailgate/DCN UART, or the max transfers have 
occurred while swiping a card. 
Operations of the PIC are controlled through the PIC Control Register details of 
which are found in Table 13. 

20 

Tabic 113 

PFENB 

The power fail enable will allow power fail interrupt to generate an 
25 NMi. Setting this bit will enable this source to generate an interrupt. 

The power fail capture enable bit (bit 7) must be set to first capture 

^jssg&sz*^*' ^.ta^^ ^^ower fail signal. Hardware reset clears this bit. ■•• fl<MSS * p * 

CSERENB 

The Chip select enable allows a program access error to generate an 
30 NMI. A program access error is caused by the 80C186 accessing a 

page which the mapper has specified as inaccessible. The GNU bit 
in the mapper select table enables this protection. Setting this bit 
will enable this source to generate an interrupt. Hardware reset 
clears this bit. 
35 WRER'MSK 

The Write protection mask prevents a write protection error from 
generating an NMI. A write protection error is caused by the 
8.0C1 86 writing to a mapper protected segment. of memory. P0..15 in 
M^r^^^^iB§S a PP^ r frotection table selects thi^rFte^ 
40 wiil mask this source from generating an interrupt. Hardware reset 

sets this bit. 
PF CAPTURE ENABLE 

The power fail capture enable allows the power fail signal to be 
captured. This bit must be set to allow the power fail capture and 
45 NMI circuit to be affected by the state of the power fail line. 
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Status of the various PIC operations can be accessed through a PIC Status register 0 
and PIC Status Register I 

SCR Interface 

5 This section describes the programmable interface and electrical support for the two 

smart card readers in the product. The core smart card reader, which is always available, is 
directly controlled by PINs on the ASIC. The Comm smart card reader is also controlled by 
the ASierburtt-irremotely-att^^ is only 

accessible when the TDM circuit is running. Both readers share common control and status 
10 registers and complement each other. Both readers are capable of supporting serial memory 
and microprocessor cards. The UARTs for these readers are not described in this section. 
Refer to the DART section for detailed description of their operation. 

Serial Memory Cards 

15 When working with serial memory cards, you must switch the interface to the 

manual operating mode. To program the SCR interface for manual operations, you must set 
the CMX bit in the SCR control register. When set, the constant clock source is blocked and 
the CKO bit setting is passed to the card clock PIN (note the CKO bit is also found in the 
register). To manually control the data line, the appropriate DART must be programmed to 

20 set or clear the output as necessary. 

The UART output is gated by a transmit enable that is used to control data direction 
between the ASIC and the card. Controls for the UART line level can be found in the UART 
control register. When reading a bit from the card, the same UART receive line can be 
sampled. There is a status bit in the UART status register that reflects the state of the data 

<w-^* .-.*an^*M*'*25»* line. When communicating with these cards, data is typicallylfe^s^ciro 

one edge of the card clock new data is either issued or returned. 

Microprocessor Cards 

When compared to the serial memory cards, the microprocessor card has a much 
30 higher level of sophistication. These cards communicate with their host using somewhat 
standard asynchronous frame formats. Also, they require a free running clock to activate 

their internal processing mechanism. When selected, the ASIC provides the services _ 

^S-^SSa^si^^^^^^- neceSsfify to interact with tfiese^^sT^electing ^e^S^'Silxi^^^^^C^)^^^^^ 

control register) will enable the free running clock source to the card. The associated UART 
35 provides all of the controls necessary for bi-directional communication, various frame 
formats, and automatic parity acknowledgment and re-transmission. 
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This means that during transmission (Tx), the UART will check the state of the 
receive (Rx) line. If a low Tx/Rx line is detected, indicating the card detected a parity error, 
the UART will re-transmit the char and interrupt the processor. If a high Tx/Rx line is 
detected, the UART will transfer the next char from the Tx buffer into the shift register and 
5 interrupt the processor. The advantage of this is that the UART is able to handle some of the 
low level error detection rather than passing this off to the processor. During Rx, if the 
UART receives a char with a parity error, the UART will enable the Tx driver and drive the 
linel owT The rece i ved~c haf~ i s~tra~nsf 6rfrd~to~t hFRx~Fl FO w i th a parity error indicated. 

10 Card Detection 

Each card acceptor has a card present contract that is brought into the ASIC to 
control the card power circuit and provide status to the 80C1 86. The status from this contact 
can be enabled as an interrupt source to the 80CI 86. Once enabled, an interrupt is generated 
when the card is removed from the acceptor. Likewise, the reset, clock and data lines are 

15 lowered, and the card power circuit is turned off (provided they are not already off). For the 
80C186 to activate card power and enable the drive to the other contacts, it must debounce 
the present contact-making sure the card has come to rest in the acceptor (this is a polled 
operation). Once stable, power can be applied by setting the PWR bit the SCR control 
register. This bit is an edge-sensitive enable; transitioning it from low to high will activate 

20 the power circuit. If the card is removed while this bit is set, power is forced off (with the bit 
remaining set). Power status can be qualified by reading the FLT and SW bits in the SCR 
status register. 

Diagnosing the Card Accentor 
25 To assist in problem solving, each t^^ontSct can "be read^^k' tRrough the ASIC. 

This includes the RST and CLK PINs which are normally only outputs. The FLT status from 
the card power circuit provides an indication of overcurrent, out of regulation, or thermal 
overload conditions. If the FLT was read low (when it should be high), it is important that 
the other card contacts are cleared immediately. Before activating any other card control, 
30 good power status should be read. 

Operations of the core SCR can be controlled through a SCR Control register 
(SCRWR) which is detailed in Table 14. 



Table 14 



35 



SCR I CMX(BitO) 

This bit selects the manual verses fixed clock mode to the card. 
When high, the fixed clock is output on the CLK PIN from the ASIC 
(remember, the clock will only be driven after card power is 
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applied). When low, the CKO bit determines the level output from 
the CLK PIN. A hardware reset clears this bit. 
SCR1 RSO(Bit 1) 

This bit determines the reset level output on the ASIC RST PIN after 
5 power is enabled. If power is disabled, the ASIC RST PIN is low. A 

hardware reset clears this bit. 
SCR1 PWR(Bit2) 

This bit controls the card power once the card contact has activated. 
A low to high transition on this bit will enable the card power 
10 supply. Because the card contact gates this bit, being high does not 

necessarily mean power is on. A hardware reset clears this bit. 

GR-l-GKQ (Bit-3) 

This bit specifies the level that is driven out of the ASIC CLK PIN 
when the CMX bit is set and power is enabled. 
15 SCR1 1ENB (Bit 4) 

This bit is used to enable the interrupt from the card contact. When 
the card is removed, and this bit is set, the 80C 1 86 is interrupted. A 
hardware reset will clear these bits. 
SCR I DWN (Bit 5) 

20 This bit controls the clamp used to crowbar the card power supply. 

The clamping circuit improves the card inactivation time. When this 
bit is cleared, the clamp is on. Before enabling the power, make sure 
this bit is set. A hardware reset will clear this bit. 

25 Status of the SCR can be obtained by accessing the SCR Primary Status Register and 

SCR secondary status register. The comm SCR control including the SCR/SAM 
multiplexing is controlled through the byte bus by the secondary ASIC 306 shown in FIG. 
15. 



30 DMA Control 

There are two DMA channels within the 80C186 processor that will typically be 
used to transfer data between memory and the Tailgate/DCN serial channels and the MSR 
and memory. Operatig^tthe 80^1 86 DlVi^ channels requires programming both a source 
and destination address into their control registers. For memory to I/O transfers, this requires 

35 programming the I/O port address. These channels can also be used for memory to memory 
transfers. 



ASIC ID _ — ... 

The ASIC will provide a unique ID for eveiy revision it goes through. The 8 bits of 
40 identification are found in the Interrupt status register. 



T DM Interface 



The TDM serializer provides bit level data exchange between the core and 
communication boards. This serializer runs constantly when enabled to reconstruct the 
45 information being transferred. For the most part, the majority of this information is static. To 
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belter utilize the serialized bandwidth, the frame has been sub-divided into three levels of 
performance. Listed below in Table 15 are the three levels and their associated hardware 
assignments. A visual representation of this 80 ms frame is shown in FIG. 16. 

5 Table 15 

High speed frame 1 .25ns update rate 





CH 


OUT 


IN 




0 


SCR2TXD 


SCR2 RXD 


10 


1 


MODTXD 


MOD RXD 




2 


PPTXD 


PPRXD 




3 


PRN TXD 


PRN RXD 




4 


M SPEED SLOT 


M SPEED SLOT 




Medium speed slot (M speed) lOps update rate 




15 


CH 


OUT 


IN 




0 


SCR2 DIR 


EXTI INT 




I 


SCR2 CLK 


SCR2 CLKJN 




2 


PRNRTS 


PRNCTS 




3 


PPRTS 


PPCTS 


20 


4 


MODTST 


SCC INT 




5 


TBD1 


EXT INT 




6 


TBD2 


SCR2 SW 




7 


S SPEED SLOT 


S SPEED SLOT 




Slow speed slot (S speed) 80ps update rate 




25 


CH 


OUT 


IN 




0 


SCR2 PWR 


SCR2 FAULT 




1 


SCR2 CLKMX 


RTC DIN 




2 


MOD TALK 


MOD IN-USE 




3 


TBD3 


PRN PAPER 


30 


4 


SCRRST0 


SCR2 RSTI 




5 


RTCCLK 


AUX DSR 




6 


RTC RST 


EXT2INT 




7 


RTC DOUT 


EXT3INT 



35 It should be noted that frame update rates are based on a 4 MHz serialization clock 

rate and would be different if the clock rate were changed. 

The top level services devices that have the highest switching rate. Within the 
highest level, one of its time slots is assigned to the medium level attachments. For every 
pass through the high level, one medium bit is transferred. Likewise the medium level has 
40 one bit assigned to the lowest level. After all high, medium and low level bits have been 
sent, one frame pulse is generated. 

Once the TDM is enabled it will take time to frame periods before data starts 
sffg^cda ^^iy t. ^ ugdating^at thejeceiv^ eliminate spurioi^,dat2Lfrorn-entering the ^ 

hardware attached to the TDM registers. 
45 At power up the TDM port is disabled. It should remain disabled until the core 

application has determined the type of device it is attached to. This can be done by reading 
the TDM status register and branching on the setting of the TIN0 input. If this input is high, 
the device attached has the TDM circuitry and TDM port can be enabled If the input is low, 
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the TDM port must remain inactive. Without the TDM port, the Core directly drives two of 
its UARTs out over the TDM signals. 

Operations of the TDM bus can be controlled thorugh TDM Control Register which 
is further detailed in Table 16 and a second TDM Control register detailed in Table 17. 

5 

Table 16 

CTLO (Bit 0) 

This bit can be used as a general purpose output when the TDM is disabled and the 
MODE and TDM ENB bits are low. The ASIC TCLK PIN follows the setting of the 

10 bit— A-hardware reset clears this bit. 

MODE, TDM ENB (Bit 1,2) 

The following defines the function of these two bits. A hardware reset clears both of 
them. 



15 Function MODE TDM ENB FRAME TCLK BBD 



TDM I 



TDMO 



20 



Man out 
Input 
TDM 
TDM 



bit 

0 

0 

1 

1 



bit 
0 
I 
1 

0 



PIN PIN PIN PIN PrN 

CTL1 CTLO PRN RXD SCR2 TXD SCR2 RXD 

pulldown pulldown PRN RXD SCR2 TXD SCR2 RXD 

0 0 0 0 0 

FRAME TCLK BBD TDMI TDMO 

pulse pulse 



25 



30 



35 



40 



MOD TLK (Bit 3) 

Modem talk control. 
RTCCLK (Bit 4) 

Real Time Clock. On the slave/secondary ASIC, this signal is used 
to clock data into an out of the RTC. Data is input to the RTC on the 
rising edge of this control. Data is output from the RTC on the 
falling edge. 
RTC RST (Bit 5) 

Real Time Clock reset. This signal resets and initializes the RTC. 
When low the RTC is reset and it will ignore all other control inputs. 
RTC DOUT (Bit 6) 

Real Time Clock data out. This open collector signal presents data to 
the RTC. When low, a low is seen on the RTC bi-directional. data^ 
PIN. When high, the data PIN is pulled up by a resistor. Data written 
to the RTC must be presented before the RTC CLK is raised. 
CTL1 (Bit 7) 

General purpose output. This control is output only able when the 
MODE setting low. 
MODTST (Bit 8) 

Modem Test control. 



Status of the TDM can be obtained from a TDM status register and a TDM Status 



45 m register. 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 



Best Available Copy 



PCIYUS97/15514 



34 

Table 17 

ENBSCC,lPTRJEXTl-3 

These controls are used to enable the interrupts from their applicable 
source. When set, the interrupts are passed through to the processor. 
5 A hardware reset will clear these bits. 



Byte Bus 

The byte bus is a clocked bi-directional interface used to send high level command 
and status information between the core and Comm modules. All bus operations through 

10 this port are initiated by the core. A bus cycle begins by the core transmitting to the comm 
module. As part of this cycle the comm module returns a response. The bus cycle is made 
up of 55 clocks. These clocks are associated with 32 bits of information transmitted by the 
core. 1 8 of the bits are returned by the comm, and 5 bits are for line coordination. The 
comm module detects an incoming frame by the reception of the sync field. The pattern of 

15 this field is unique to the high level idle state of the bus. The frame bit assignments are as 
follows: 



CORE SYNC 8 

CORE ADD 6 

20 CORE CMD 2 

CORE DATA 8 

CORE CHECK 8 

LINE CONDITION 2 

LINE TURNAROUND 2 

25 COMM READY 1 

COMM TX Error 1 

COMM DATA 8 

COMM CHECK 8 

LINE TRI-STATE I 



The definition of these bit assignments is detailed in Table 18. 



Table 18 



35 CORE SYNC 

The sync field is used to enable the comm receiver to the incoming 
frame information. This pattern is equivalent to a 81H. 
CORE ADD 

The address field is used to select a byte bus peripheral. This field 

:i **^. JL w ~ • * CORE COMD - ^ - • " 

The command field identifies the type of I/O operation that the 
selected peripheral is to perform. 
CORE DATA 

45 The data field transfers data to the selected device. 

CORE CHECK 

The core check character is an 8-bit CRC used to validate the data 
sent by.the core. This check character is matched by the command 
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returned as a communication transmission error if it is incorrect. 
This error code is returned in the same bus cycle 
LINE CONDITION 

The line conditioning bits force the level of the bi-directional line to 
5 a high state. This conditioning overcomes a possible low level float 

state left by the check character output. Once the line conditioning 
bits have been issued, the pull-up on the bus will keep the line at a 
high level. Conditioning is necessary since a constant high returned 
by the comm module will generate error (check character failure). If 

1 0 the line were left to float up, it might not return high by the 

beginning of the comm module's response. 

blNE-TURNAROUND 



These bits are used as padding to allow the core transmitter to turn 
off and the comm transmitter to turn on. During this interval, the 
15 information on the bus is invalid. 

COMM READY 

This bit indicates the comm ASIC is ready for another transaction. 
COMM TX ERROR 

This bit informs the core that the transmission just sent did not 
20 validate correctly, Before acting on this setting. The comm check 

character must be validated. If the check character is good, the 

value of this bit can be used; if bad, the entire operation is in 

question. 
COMM DATA 

25 Data returned by the comm is in response to either the prior 

command or the general status. A valid check character must be 
received before this information can be used. 
COMM CHECK 

The comm check character is an 8-bit CRC used to validate the 

30 response from the comm module. If this check fails, a system error 

response should be issued to the operator. Any attempt to recover 
from this error should assume that the last command issued did not 
execute correctly. Recovery includes issuing a soft reset command 
to the interface. 

35 LINE TRI-STATE 

This is the end state to a bus cycle The comm module will release 
its drive on.th^jbus^^e core is able to start a bus cycle whenever 
the bus is not busy. 

40 For a device in the comm module to request service one of the four TDM interrupt 

sources can be programmed to interrupt the core processor. This interrupt request is 
transferred through the TDM port. In response, the main PCB will have to query the comm 
peripheral to determine its needs. The comm module cannot initiate a byte bus cycle 
directly. 

45 The byte bus interface is a single 1 6-bit read/writeport within the 1 86's I/O space. It 

is used to access byte wide peripherals within the irommunicatTbns module. A byte bus 
transmission is initiated by the processor writing to the byte bus I/O port. A complete write 
or read cycle to or from a peripheral is executed within the byte bus cycle. The byte bus 
front end has a five deep command first in first out (FIFO) buffer for queuing up Byte Bus 
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5 



instructions. This FIFO should be used only for consecutive writes to byte bus peripherals. 
The byte bus port is defined as follows in Table 19. 

Tabic 19 



WRITE - Control port 

B>is Description 

15-10 Peripheral Address: A5-A0 

9, 8 Byte Bus Command: read, write or reset 

JO TJ) Byte3us_Data:JDataJo-be^^ 



READ - Status port 

Byte Description 

12 Tx FIFO full: The five deep FIFO is full and cannot accept additional 
15 commands. 

1 1 Byte Bus Idle: The byte bus cycle is complete. Data has been written or can 
be read. 

10 CRC error: The CRC check failed on the packet received from the 
communication module. The returned data is invalid. 
20 9 Tx error: The communication module reports a CRC failure on the packet 

received from the core module. No Byte Bus peripheral cycle was 
executed. 

8 RFU: 

7*0 Data: Data returned from a byte bus peripheral. 

25 

Magnetic Stripe Reader 

The magnetic card reader 68 is preferably a swipe style magnetic card reader capable 

of reading cards encoded with data conforming to ISO 781 1-4 for 1ATA (Track 1,210 BPI) 

and ABA (Track 2, 75 BPI) tracks, and ISO 781 1-5 for the THRIFT track (Track 3, 210 
30 BPI). Of the tracks listed, only two can be installed in a product. Configurations are: Tracks 

1 & 2; andTracks 2 & 3. 

Software^and -hardware will preferably support card swipe speeds between 5 and 45 

inches per second. The reader life is roughly 300,000 passes. The only ongoing 

maintenance required is periodic head cleaning to remove oxide buildup. If a card is put in 
35 on top of the magstripe head, the head will not be damaged and will still read future cards 

reliably. The reader will also preferably have the ability to read high coercivity magstripe 

cards. 



1C Card Reader 

40 - - — - The systerh/terminal c'ajrixpj^^iyihave up to two IC card readers. The Core unit 30 
will preferably always have the card reader 80. The second reader 130 can optionally be 
added to the communication module 100. Both card readers 80 and 130 will conform to the 
ISO 7816 specification. Card clocking is set by the AISC or manually clocked by the 
microprocessor of the main board 46. Communication data rates are adjustable to conform to 
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the clock rate. For most microprocessor cards, serial data is exchanged using a typical 
asynchronous 10 or 1 1 bit format with parity. Detection of improper parity is done by the 
hardware. If a parity error is detected, the hardware can be configured to re-transmit the 
same data. To ensure glitch free operations all driven card contacts are switched using a 
5 common clock source. The affected signals are the power, clock, data and reset. To power 
the card, the interface uses a disable-able linear regulator. This regulator maintains a 
constant voltage to the card and, at the same time, it checks for error conditions. These 

— — --conditions-ineludc-overvoltage and undervoltage, over current and over temperature. A fault 
detected by the regulator is returned to the microprocessor. 

10 Each card acceptor has a card insert contact. This contact must be made before 

power can be applied to the card. If this contact is broken while the card is powered, the 
hardware will immediately turn off all driven card contacts including the linear regulator. 
For diagnostic purposes all driven contacts can be readback. This permits detection of 
foreign materials placed into the terminal. 

15 Since the two card readers are independent, different card types can be read simultaneously. 
Both card readers expect CR80 card form factors. 

The embodiment of the POS terminal shown herein includes a standard type of smart 
card reader, with a second smart card reader option on the communication modules. These 
smart card readers are preferably contact readers which do not read contactless cards. The 

20 standard smart card reader is located at the front of the core unit for easy card insertion by 
the operator. The standard IC card reader has a life of preferably about 200,000 inserts, 
while the second IC card reader has a life of preferably about 10,000 inserts. The standard 
card reader will accept the following card specifications: Microprocessor cards (Contact, 
ISO position, T=0, T=l, meets Europay/MasterCard/Visa (EMV) specifications) and Serial 
-^asaswjes?^-- memcr^cards^i^ferably the smart card reader will read a number of serial memory-cards?****-*'- • — 
including the following: GemPlus 416, Thompson ST130S (without VPP), GemPlus 
GPM896, and Siemens E2PROM serial memory cards. 

The 2nd smart card reader will accept the same microprocessor and serial memory 
cards specified for the standard smart card reader. Preferably both the smart card readers 

30 have a slight card securing mechanism (so the card does not fall out or terminate transaction 
when the POS terminal is bumped) and has a perceived "click" so customer knows card is 
inserted properly. It is a half insert reader with the card visible at all times. It preferably 



terminal will withstand a drop from 48 inches onto the card when card is inserted into POS 
35 terminal. The reader has card power management according to the EMV specification. The 
card can be removed by a consumer without special tools if power is lost. 
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The optional 2nd smart card reader is located on the bottom of the communication 
module. This will read a standard size card. There is an optional security door that covers 
this reader. This will be used by merchants who do not want the 2nd smart card reader 
accessible by consumers. The door can only be opened by inserting the tip of a smart card 
5 into a small hole next to the reader. When both smart card readers are installed, they can be 
read "simultaneously*' with non-multiplexed ports. Additionally, the 2nd SCR can also hold 
a plurity of SAMs which are multiplexed to a UART through the byte bus and TDM bus. 

Primer 

10 The printer 108 is a user installable module that can be optionally attached to the 

rear of the Communications module 100. Although the printer 108 can employ a variety of 
conventional printing techniques such as dot matrix or laser printing, it is preferred for the 
printing process to be done thermally. In the preferred embodiment, printed receipts exit the 
module's enclosure from the top of the unit. A serrated tear bar, built into the printer 
IS enclosure, will assist in removing forms. Within the printer module 108 is the printing 

mechanism, printer drive circuit board, and a paper roll. The enclosure is designed around a 
two piece ABS plastic assembly. There is space within the enclosure for a 2-inch paper roll. 

Motor and print head controls, as well as temperature sensors, are part of the printer 
PCB. The comm board 126 has the control circuits that advance the motors and activate and 
20 regulate the print dot thermal process. Power for the printer comes from the communication 
module 100. The printer PCB and comm board 126 are connected through a card edge 
connector 110. If the printer mechanism fails while it is printing, it can be removed without 
causing damage to either the control or communication boards. 

The printing process is preferably done one vertical column of eight bits at a time. 
• -f v, .*u&&srn2$j>> ^rThe activation and timing of this process is managed by the sec6nd&ijr/Sl5^AS*€ 306 otj^ !s:v ^ x ^^ 
the Communication (or Comm) board 126. When a row of dots requires printing, the 
secondary ASIC serially shifts the necessary data into the printer module print head and 
turns on the print head power. The activation time varies based on prior bit activity and the 
print head and ambient temperature measurements. Upon completion, the print power is 
30 turned off and the secondary ASIC advances the head to the next column. This sequence 

continues until an entire row has been printed. At the end of a row, the paper is advanced and 
the printing process continues in the reverse direction. 

^gTnicroprocessor of fS£lioi£TCEf^^ 
and head activation duration. It also controls head and platen advancement by clocking the 
35 stepper motor drive circuits on the printer control board. The temperature measurements are 
sent back to the core microprocessor as well as a head home sensor. In the embodiment 
shown, there will be two paper roll options. The small paper roll option is 82 feet long and 
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will print approximately 125 receipts (assumes 2 copies of each receipt). The large paper 
roll option is about twice as long and should print approximately 250 receipts. They both 
have the same 2 1/4" width paper. To fit each size paper, there are two paper roll cover 
options. These snap on easily for replacement purposes. 

Since this is a thermal printer which can only print on one ply paper, a second 
receipt copy will need to be printed for the customer copy. The paper feed capability will be 
handled through software. The typical duty cycle will be a 40 line receipt (a 20 line receipt 
-printed-twiGe-for-a-eustomer-and-merehant-eopy); 



In environments needing higher speed or other printing functionality, an external 
10 printer can connected through an RS232 port. In this case, the integrated printer need not be 
present. The POS Terminal might also include a high speed integrated printer. 

Memory 

The POS terminal memory is made up of a combination of both static random access 

15 memory (SRAM) and Flash. SRAM is generally used for data that changes (ie. batch data, 
negative files, application working space). Flash is generally used for the application code 
and operating system. This is done for performance reasons— Flash is fine when reading 
data, but slower than SRAM when changing data. Flash is less expensive than SRAM, 
which is why it is preferred for constant data. 

20 Since the operating system is in SRAM or flash memory, it can be downloaded to a 

POS terminal remotely, without having to physically replace EPROM chips. In one 
embodiment, the operating system is approximately 128K in size, with the remaining 
memory available for applications and data. 

Memory can be configured to meet specific application requirements. This 

25 configurable memory is in addition, to thfenjemgiya^ one 
embodiment, memory is expandable up to 3.7MB. For the unbonded POS terminals, 
memory upgrades can be done by service technicians in a depot environment. For bonded 
POS terminals, the POS terminals must be sent back to the factory (or service locations if 
they have bonding equipment). 

30 _ _ ..1 



Circuit Features 

In the preferred embodiment, an audio transducer allows for an audible beep, 

speaker with multiple tones for use in modem communications. An external speaker 
35 attachment might also be used. A real time clock and battery is used in all communication 
modules except the PIN pad module. 
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Connectivity 

A local area network (LAN) capability allows connection of several devices in a 
multi-lane environment. The POS Terminal might be used in a peer to peer LAN. The 
terminal will be able to handle either positive or negative polarity. In one embodiment, up to 
S 3 1 devices can be connected within 3,000 feet of cable. Peripherals supported include 
external PIN pad, external printer, check reader, bar code reader, and signature capture 
device. The peripherals are preferably connected through a RS232 serial interface. The POS 
terminal will support connectivity to the IBM 4683 ECR through either a RS232 or RS485 
(high speed tailgate) interface. It will attach to other ECRs, such as NCR 2127, through a 

10 standard RS232 interface. 

The POS terminal will support two types of ECR connectivity. In semi-integration 
connectivity the sale amount is transferred from the ECR to eliminate duplication entry on 
the POS terminal. The receipt information is also sent to the ECR for printing. The terminal 
still handles all EFT communication. With total integration connectivity, the ECR handles 

15 EFT communication to the host. The POS Terminal simply handles customer data entry 
functions, such as card acceptance, confirmation of amount, and PIN entry. 

The PIN pad version will be able to support an RS232 ECR connection and RS48S 
LAN connection at the same time. This will allow the ECR to send transaction data directly 
to the PIN pad, which processes the data, sends it off to the host via the LAN, and returns a 

20 response back to the ECR. A "Y" cable with power pack might be used for this purpose. 

ECR interface will be available for various Models of ECRs including the IBM 
4680, the NCR 2127, etc. The POS terminal PIN pad will emulate the NCR 4430 PIN pad. 
In one embodiment, it will emulate 12 of the total commands available on the 4430, which 
are the most common PIN pad functions. 

25 A Multiple BhiuiStiorf V PIN Pad AppiicafionXMEPPA) interface is also available. 

This includes both the Visa command set for DUKPT and the extended command set for 
Master Key Session Key. This emulation will allow the POS Terminal PIN pad to connect 
to various existing terminals. Visa is also a common protocol used to communicate with 
RS232 W PC type" ECRs. 

30 

Modularity 

The user or merchant should be able to attach and disconnect the integrated printer 
^^'^^an^^ will be needecP 2 ^ 

to attach/disconnect the communication modules or add memory using special handling 
35 techniques. If the unit is bonded, the unit cannot be disconnected and must be sent back to 

the factory for upgrades or repairs. Also, through a service contact, the modular pieces of 

the OS can be updated through a remote communication link. 
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Telecommunications 

The standard modem on the communication module supports asynchronous 
communication. The enhanced communication module supports synchronous 
5 communication. The base modem handles at least 2400 baud, with fallback ability to 
communicate at 300/] 200. A typical 256K application should be able to be remotely 
downloaded at 2400 bps within 15 minutes. 



Processor 

10 One embodiment of the POS terminal core unit has a 80CI86 processor and which 

runs at 12 McgaHertz (MHz). It has the capability of performing DES/RSA encryption and 
has tamper detection and bonding (PIN pad only) options. There is also a high security 
version of the core unit, which in one embodiment has a Dallas 5002 secure chip in addition 
to the 80C186 processor. This might be used for environments where very high security is 

15 required, such as PIN encryption in Canada and some parts of Europe. This version will 
generally have tamper detection and be bonded for tamper evidence. 

Agency Certifications 

This POS Terminal will preferably be certifiable to meet the following standards: 
20 Safety: UL 1950 Listed (U.S.) 

C22.2, No. 950 (Canada) 
TUV EN 60950 (European) 



Electromagnetic Compatibility; "CE" Mark (European) 

-25%a^cico:^Tentu^ to be registered under the rules for devices " 

connecting to the public switched telephone network in the U.S., Canada, and other 
countries as required (Canada-IC CS03 for auto dial, IC CS02 for leased line and 
U.S.-FCCPart68). 

A surge protector is recommended to protect against lightning strikes in areas prone 

30 to this. 



Operating System _ 

system ^^^^^^SX^^^^^ 
available at the application level, a flexible development environment with Unix-like 
35 interfaces and support for C language applications. Multiple applications will be supported 
in the same terminal. The different applications can be downloaded separately and are 
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protected from each other. The operating system supports interchangability of terminals on 
the LAN. 

The workstation will be designed to remember its last default settings-address, 
printer, other peripherals, etc. On power up, the terminal is designed to auto-install and 
5 configure from the gateway. Memory overwrite protection on 4K maps for static RAM is 
included. 

The operating system (OS) consists of a set of objects. Each object is a sub system 

ofthe^Sr~Forexampte^^ 

Furthermore, each object performs OS work through member functions (alternately just 
10 functions). A member function is an operation on an object: for example, read ( scCARD, ) 
is a member function that reads data from the selected sc_CARD object. 

This approach allows various operating system models to be built with different 
objects to fit within the same memory constraint. Alternately, several memory constants can 
be defined to allow families of operating system models. For example, four OS models (one 
IS family) can be created that act the same except for different download protocols, as well as 
another two models (a second family) that act the same except one model can download with 
either protocol A or B, and the other with either protocol C or D. 

The preferred embodiment OS includes the following identified classes of OS 

objects: 

20 Input/output devices 

keyboard 
display 
tone 

clock calendar 

^S^'V^sv^^riW v**™** rns card ' »• «^ --^<asdB*« ! ^?acj 

sc_card 
modem I/O 
serial I/O 
printer 

30 communication layer (e.g., network interface card (NIC)) 

debugger 
diagnostics 

. '-^^u^^^^^- --«i8ader and protocol^**^^ 

OS kernel. 

35 user interface (e.g., director) 
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Each particular class of objects may have one or more objects; for example, there may be 
two display objects because there are two different types of display hardware. Even with 
this difference, there can be some functions that are the same for similar objects. 

Other benefits accrue with this object approach. For those familiar with the Object 
5 Oriented methodology, encapsulation occurs as a by product. Encapsulation hides the 
internal workings and data from other object. It permits access only through well defined 
external operations, i.e., member functions. Encapsulation reduces coupling, and hence 
increases reliability. 

Besides previous definitions for objects, classes, and member functions, two other 
10 terms are defined, including interface and vectoring: 

Interface is the code and data structures set in place to transfer to an OS 
object from the application or another OS object, as well as return to original 
caller. 



15 Vectoring is one means of transferring control. Vectoring uses addresses 

pre-stored in the interrupt vector locations starting at location zero. 
Vectoring OS accesses an address with a jump (JMP) instruction for 
performance reasons, rather than an interrupt (INT) instruction. 

20 Also defined are two data structures, ObjectTable and FctTable: 

The ObjectTable is an array of far pointers located in the OS data area. Each 
far pointer is the starting address an OS object, which consists mostly of an 
object's member functions. The OS object's starting address is obtained by 
indexing into the ObjectTable, using the object index (which is usually set to 

25 a multiple of four for indexing far pointers^Wnoimake-error checking^easier?«^- 

far pointers to a dummy object, which always return SYSERR, are stored in 
the ObjectTable for non-existent objects. 

A FctTable data structure is an array of near pointers located within 
30 each object. Each near pointer is the offset of one of the OS object's 

} member function. The member function's starting address is obtained by 

indexing into the FctTable, using the function index (which is usually set-to 
a mu2tip!e?oft>volf^ ; 
easier, near pointers to a dummy function, which always return SYSERR, 
35 are stored in the FctTable for non-existent member functions. 
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Two types of calls within the OS can be done: intra-object and inter-object calls. 
Intra-object calls are calls within the same object and are translated as near (16 bit) calls. 

Inter-object calls are calls from one object to a different object. Since each object 
will be linked separately, access to other objects member functions can not be done at link 
5 time. Instead, they will be dynamically linked by vectoring to an OS function (and returning 
back to the preceding OS function). This is accomplished as follows: 

h OS-code-=>-0S-stub-functiori 

The OS code first pushes any parameters on the stack. Then it calls the "OS stub 
10 function". For example, there could be a wait( ) or read( ) OS function called: 

call _wait 

call _read 

15 

2. OS stub function -> Function table jump code 

The OS stub function, representing the OS function, is linked into the first object's 
space with the OS library, osjcts.lib to satisfy the linker. On entry, a register is first set to 
the index member function index. 

20 There are two cases depending whether the OS call is for device input/output or not. 

If it not a device input/output call, the object index is used as is. If it is a device input/output 
call, the first parameter (the device descriptor number) becomes the object index. Then the 
address of the OS object is determined by indexing into the ObjectTable with the object 
index (modified for far pointer indexing, that is, multiplied by four). In both cases, control 

25 transfers to the function table jump^s^ler^ — - ^ • 



Case (2a) non-device input/output: 
wait proc; 

mov ax,OFCT INDEX FORwait*2; 
30 jmp ObjectTable+(OBJ^INDEX^FOR_os • 4)]; 
_wait endp; 



Case (2b) device input/output: 

read proc; " • 

35 *^«^^^^ci^^^GllP^^^^^ - 
jmp go_io; 
read endp; 
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go_io proc; 
mov 
rnov 
shl 
jmp 

go_io proc; 



bx, sp; 

bx, word ptr ss:[bx+4]; 
bx,2; 

ObjectTablefbxJ; 



10 



3. Function table jump code -> Actual OS function 

The function table jump code transfers to the actual OS function by using the 
member functionjndex into the object's FctTable. The function table jump code is required 
to be at the start of each object, followed by its FctTable containing near pointers (offsets) to 
every externalized member function. This implies that all member functions of an object are 
contained in one segment (64K maximum). The function table jump code is: 



15 



mov bx, ax; 

jmp word ptr cs:[FctTable+bx]; 



4. Actual OS function -> OS code 

The actual OS function is executed. Then the actual OS function returns to the 
20 previous OS code, which resumes by popping any parameters off the stack. 

The interface of vectoring to an OS function from an application (and returning back 
to the application) is discussed below in reference to Table 6. 



25 



30 



35 



40 



Table 6 

Application to OS Interface Example: read( CARD, „) 



I 



45 



-jreturn status; 



|F012:3456 1 int card_read( CARD ...) 



I- 



F0 1 2:001 3 1 7-Write() Offset - xxxx 



F012:001 1 1 6-Rcad() ^o1fset^456 



I 



F0 12:0007 1 l-Control() Offset = xxxx 



F0 1 2:0005 1 0-Close() Offset • xxxx 



FctTable[0] 
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10 



15 



20 



25 



30 



35 



|F0 12:0000 
I 



|ApToOsExil| 
|ApToOsEntry| 



App Start 



0070:1010 



0070:1004 
0070:1000 

0000:0000 



40 



Card- jmp cs:[FctTab!e+bx] 
Object: mov ax, bx 



OS ROM code and constants 



jmp~es:[OFctVecNbr*4] 

mov es, dx 
xor dx, dx 

mov ax, OFctlndex*2 
mov bx, OIndex*4 
_read proc 



read(ms_CARD, ...)=>call _read 



Application code and data 



4-ms_CardObject = F012:0000 



I-DisplayObject =xxxx:xxxx 



0-KeyboardObject = xxxx:xxxx 

j_ 



OS data area 



ObjectTablefO] 



Table 6 shows a preferred method for the application to OS interface, which is used in 
conjunction with the following steps. 

45 1 . Application code -> application stub function 

any paraffielere*ori4he^!ac^ 
"application stub function". The application code is: 
call read 
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2. Application stub function -> ApToOsEntry 

The application stub function, representing the OS function, is linked into 
application space via the application library, app.lib. Indexes to the object and member 
functions are passed via registers and control is given to the common entry, ApToOsEntry, 
of the operating system with an interrupt vector. A far indirect jump instruction (with some 
allied code) is used for performance, rather than an actual vectored interrupt instruction (INT 
OFclVectorNbr). The code is: 

-OsFunction-proej 



mov bx, 0]NDEX_FOR_object * 4; 
10 mov ax, OFCTJNDEX_FORJunction • 2; 

xor dx, dx; 
mov es, dx; 

jmp es:[OFctVectorNbr ♦ 4]; 
OsFunction endp; 

15 

The interrupt vector address (OFctVectorNbr*4), set at terminal start up, transfers 
control to the operating system at its common entry, ApToOsEntry. 

3 . ApToOsEntry -> Function table jump code 
20 ApToOsEntry is the common entry into the operating system. Its module file also 

contains the common exit. This single point design permits different hardware 

application/OS modes, as well as easier implementation of certain debugging techniques. 
The responsibility of ApToOsEntry is to give control to the proper OS function. 

Table 7 shows sample ApToOsEntry code in the C programming language. It will be 
t25. er , appreciated by those skilled in the art that assembly code could^us(&d»for.i?nprcved^^A3»^v^^^ 

performance. 
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48 
Table? 



II- 



II ApToOsEntry - Application to OS vector entry to call a object member fct. 
int huge ApToOsEntry 

( //CAUTION: assumes registers bp, si, di, & ds pushed by prolog code. 
Uint IODeviceOlndex) //If io call, object/dev idx/no. 

{ 

10 Uint 01ndex = _BX; // Passed in as far pointer idx. 

Uint FIndex = _AX; // Passed in as near pointer idx. 

// - 

// Get actual object index if object is an i/o device. 

15 // - 

if(Olndex==0) 
{ 

if ( IODeviceOlndex >= MAX OBJECTS ) 
{ 

20 goto exit; // Device object does not exist. 

} 

OIndex = IODeviceOlndex * sizeof(void far *); 
} 



25 ti- 



ll Save caller's return in its proctab entry & set to return back here. 

//_ 

proctab[currpid].paddr = *StackVoidPtr(2); 
*StackVoidPtr(2) = OsToApExit; 



ti- 



ll Restore regs, push address and goto object's function table jump code. 

// . 

asm { pop dx; pop di; pop si; pop bp }; 
35 'Stack VoidPtrfO) = ObjeciTable[OJndex / sizeofl(void far •)]; 

asm { mov ds, dx; mov ax, FIndex; ret }; 

exit: // Error: device object does not exist; return with error, 

return SYSERR; 

40 } 



li- 



lt OsToApExit - Return to application caller after an OS call. 

// 

45 // On entry and exit, the stack (ss:sp) points to callers first paramerer. 

//- 

static void huge OsToApExit( void ) 

{ //CAUTION: assumes registers bp, si, di, & ds pushed by prolog code. 

50 *StackVoidPtr(2) = proctab[curTi)id].paddr; ' " 

asm { mov ds, dx; ret }; 

} 

This 'c' code is designed to accomplish several tasks. First, if the object is an 
55 inputXoutput device, the caller's first parameter (the device descriptor number) is used as the 
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• • 

actual object number, unless the device number is illegal. In this case, return is made to the 
application caller with error; otherwise the object number is converted to a far pointer index. 

Next, the application caller's return address is saved in the process table (proctab) 
entry corresponding to the current OS process; and the caller's return address on the stack is 
5 overlaid by the common exit address, ApToOsExit, in order to regain control after the OS 
function completes. 

Then the address of the OS object is determined by indexing into the ObjectTable, 
using the object index (modified for far pointer indexing, that is, multiplied by four). 
Finally, control transfers to the function table jump code. 

10 

4. Function table jump code -> Actual OS function 

The function table jump code transfer to the actual OS function by using the member 
function index with the object's FctTable. The function table jump code is required to be at 
the start of an object, follow by its FctTable containing near pointers (offsets) to every 
15 externalized member function. This implies that all member functions of an object are 
contained in one segment (64K maximum). The code is: 

mov bx, ax; 

jmp word ptr cs:[FctTable+bx]; 

20 

5. Actual OS function -> ApToOsExit 

The actual is OS function is executed. When it exits, it returns to ApToOsExit. 

6. ApToOsExit -> Application code 

25 .m&*e#&^ . ApToQsExiUjpesjiny^final bookkeeping processing. Then ApToOsExit returns to -^ixsssses* 
the application, which resumes by popping any parameters off the stack. 

Diagnostics 

In the preferred embodiment, three levels of diagnostics will be provided: 
30 1 . At power up, the operating system will automatically perform a series of diagnostics 
such as checking RAM, ROM, processor and configuration. 
2. Diagnostics will be available from the director menu for the operator to access when 
es£s*=^^^ - jKj^s^-This wil^ncltid^ gathering staiisti£s ; 1ce}^ 

for security keys. 

35 3, Several applications will also be available for service and manufacturing personnel 
to load for advanced diagnostic tests and troubleshooting. 
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Software Libraries and Tools 

The POS Terminal preferably uses "off the shelf* PC based tools such as: 

• Borland C++ compiler 

• Paradigm debugger 

5 • Together C++ design tool 

Extensive library routines, objects, and utilities are available that make the new terminal 
"easy to program". Software development kits will be provided for application software 
development. 

Smart card drivers will be utilized for various types of smart cards such as EMV, 
10 MPCOS, PCOS, and SCOS cards. 

An OS application has the following system functions available. The OS functions 
include the system calls for the X1NU functions and OS supplemental functions, as well as 
OS application library functions. The OS functions are grouped functionally with a brief 
description, and later some of the particularly interesting ones are listed again with a detailed 
15 description. 

The I/O functions are: close, control, getc, getcwait, init, open, putc, read, and write. 
Note that a unique subset of these functions is meaningful for each device. For example, 
associating the getc (get a character) function with the keyboard is meaningful, whereas 
associating the putc (put a character) function with the keyboard is not. 
20 The OS supplemental functions provide further functionality for the application and 

the OS Director, such as date/time, downloading, and miscellaneous features. 

Unlike the other OS functions, the OS application library functions, if used, will 
K have their code linked into the application space* To access these functions, the application 

programmer links the OS application library with the application. 

•*^a^sffia#^. - - -25-—^-* Other application library functions, such as RAM Disk and Indexed'FiSesfare^Isc -^r^ 

available for linking with application programs. 

OS Input/Ou tput System Calls 

close Device independent close routine. 

30 control Device independent control routine. 

fgetc Get character from a device (same as getc). 

fputc Put a character to a device (same as putc). 

getchar Get character from the keyboard device. 

35 getcwait Device independent character input routine with timeout, 

open Device independent open routine, 

putc Device independent character output routine. 
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putchar Put a character to the display device, 

read Device independent input routine, 

write Device independent output routine. 



Network Interface Circwitry Pata Link Calls 



10 



15 



nic_close 
nic_control 

-nie-count — 



nic^create 
nic_delete 
nic_freebuf 
nic _getbuf 
nic_open 

nic_read 
nic write 



De-registers a higher level protocol from NIC data link layer. 
Change parameters or clear statistics of a NIC physical device. 
-Gheek-the : number-of-packets-waiting at-a-Nie-message type. 
Initializes the NIC variables and creates NIC processes. 
Removes NIC support from the given device. 
Return packet to the NIC buffer pool. 
Get a buffer from the NIC buffer pool. 
Registers a higher level protocol handler with the NIC data link 
layer. 

Read a packet from a message type of a NIC message type. 
Sends a packet to the NIC process and waits for a response. 



OS Process System Cull* 
add_stack_space 
20 chprio 
create 

getpid 
getprio 
25 kill 

esume 
uspend 



Add system heap space for application process stacks. 
Change the priority of a process. 

Create a new process. The process stack size, ssize, must be 
at least 256 bytes. 

Return the process ID of the process currently running. 
Return the scheduling priority of a given process. 

Terminate a pToces£4^ I .& ss & s ^^. , /s^ssm^-T^s^ 

Resume a suspended process. 

Suspend a process to keep it from executing. 



30 



35 



OS Interprocess Sinple Message System r^fo 

receive. . . Receive a (one word) message. . 

recvtim Receive a (one word) message with timeout, 

send Send a (one word) message to a process. 

ssndf <*te^arc^!nessi^ 
waiting message. 

sendn Send one word message to process. Do not force a reschedQ. 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 Best Available Copy 



PCT/US97/15514 



10 



15 



52 

OS Interprocess P»r* (Mai 1 ) System Calls 

get_dir_portid Get the Director port identification. 

pcount Return the number of messages currently waiting at a port. 

pcreate Create a new port. DMOS supports up to 32 ports. The maximum 

number of message nodes on all ports at any one time is 32. 
pdelete Delete a port, 

preceive Get a message from a port, 

preset Reset a port, 

psend Send a message to a port. 

OS Interprocess Semaphores System Calls 

scount Return the count associated with a semaphore. 

screate Create a new semaphore. 

sdelete Delete a semaphore. 

sreset Reset semaphore count. 

signal Signal a semaphore. 

signaln Signal a semaphore n times. 

wait Block and wait until semaphore signal. 



20 QS Memory Management System Calls 



freemem Free a block of application heap space, 

freestk Free a block of application heap space (same as freemem). 

getmem Get a block of application heap space, 

getstk Get a block of application heap space (same as getmem). 

25 lheap_init Initiaiize'the^ppSicatiOirs iieap spacer 

OS Buffer P ool Management System Calls 

bufcount Get the number of free buffers of a pool, 

delpool Delete a buffer pool. 

30 freebuf Free a buffer and return it to a pool, 

getbuf Get a free buffer from a pool, 

mkpool Create a number of buffers for a buffer pool. 



C *** S5 ^ 4 -poolinif ^^^^lmtiali7^ (he'enfire^ffeFpool manafiVtf*.*-' 



35 QS Time and Date System Calls 

datetos Convert a date and time to a formatted string. 

day_of_year Convert date to the day-of-year index. 
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get_datc Convert the current date and time to a formatted string. 

etticks Get system clock in ticks (number of tenths of a second). 

et_usecs Get system clock in microseconds. 

month_day Convert day-of-year index to the month and the day. 

setdate Set the current date and time from a formatted string. 

sleep Go to sleep for n seconds. 

sleept Go to sleep for n ticks. 

-stodate Gonvert-a-formatted-string-to-a-date-and-time-eomponents. 



10 



OS Configuration Calls 

config_control 



15 



get_restarts 

get_system_information 

set_startup_mode 

system_control 



Controls configuration memory area 
(keypad type and Director password). 
Get number of restarts since last startup. 
Get DMOS system information. 
Set the startup mode for the terminal. 
Configure the internals of the system. 



OS Integrity System Calls 

_do_crc_check Calculate Cyclic Redundancy Code (CRC) of one or more 

20 specified segments. 

_do_init_same_values Initialize one or more data areas, each to their same value. 

calc_crc Calculate CRC for a given string. 

chk_chksum Check computed checksum of a block with a checksum. 

set_chksum Compute and store the checksum of a block. 

25 > ^agsategssBry - — ^M*a*^^^ 

OS Download System Culls 

Get the Director download dial information. 
Get the Director download information. 
Get the Director download terminal information. 
Set the Director-download baud rate information. 
Set the Director download dial information. 
Set the Director download information. 



30 



get_dial_string 
get_dnld_info 
get_terminal_id 
set_baud_rate 
set_dial_string 
set_dnld_info 

get_baud_rate 

35 



^^H^i?ector , 03^ , n!bad "terminal infonnafuSr 
Get the Director download baud rate information. 
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JO 



15 



OS Seciirity Calls 

sec_des_decrypt 
sec_des_encrypt 
sec_dukpt_clear 

sec_dukptjnit 

secdukptsmid 
scc_gct information 

secjcey_clear 

sec_key_set_mgmt 

sec_key_submit 

sec_mac_data 

sec_PIN_encrypt 

sec serial num submit 



Decrypts data with a key injected earlier. 

Encrypts data with a key injected earlier. 

Clears and resets the Derived Unique Key Per 

Transaction security functions. 

Initializes the Derived Unique Key Per Transaction 

(DUKPT)key management system. 

Returns the current SMID. 

Gets information on the current state of the security 
functions. 

Erases the security key. 

Sets the security key management mode. 

Saves the given key information. 

MAC's data with a key submitted earlier. 

Encrypts the PIN data using an account number. 

Sets the serial number. 



20 



OS Miagfiltanams Calls 
format 
fprintf 
printf 

set_roll_cmnds 
set_slip_cmnds 
visa_recv 



Format a string according to a format mask. 

Formatted output conversion to a device. 

Formatted output conversion to the display device. 

Set printer command characters for roll printer. 

Set printer command characters for slip printer. 

Read into a buffer using the VISA II message protocol. 

Write from a buffer using the VISA II message protCKxil? 4 ^^ — 



One of the more interesting sets of software library class or object are those related 
to the display driver. The display driver object performs the display activity for the OS. It 
operates in tandem on two conceptual levels: the upper and lower. The upper level contains 
30 the external interface display functions and executes the application or operating system 
requests for writing characters to the display along with statusing and mode setting. The 
lower level outputs characters to the hardware display, as well as handling cursor movement, 

Briefly as shown in FIG. 17, an application's display call, as are all OS system calls, 
35 resolves to an OS app.lib function that uses an interrupt vector to "bridge" from application 
space to OS space. Once within this space, the OS kernel vectors the display call to the 
display driver object, then to one of the display driver functions (all termed the upper level). 
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Each display function makes use of its data structure, the display Device Control Block 
(DCB) to manage the display mode setting and statusing, items that are unique to the display. 
The lower level functions are called by the upper level to handle the hardware interface to 
the display itself. Note that the application is never blocked when using any display 
5 functions. 



Features of this preferred embodiment display object include: 

iraphical-display-o^any set-ofeharactersrincluding-bitgraphicsr 



• Up to four rectangular screens with possibly of a different character set in each 
10 screen. 

• Each of four processes can control or own at least one screen of the four screens of 
the display. 

• One process can control or own one, two, three, or all four screens. 

• Up to six different character sets, four user defined and two default sets. 
15 • Ability to uninstall character sets to install new ones. 

• Character sets can specify size and number (maximum of 64K characters in a set). 

• Optional display of a horizontal and/or vertical cursors. 

• Variable horizontal and/or vertical spacing around characters and between lines. 

• Cursor movement commands from character set or control function. 
20 • Optional automatic wrapping of characters to next line. 

• Setting of display's contrast and its back light. 



30 



The following define the display operating system calls that an application or 
operating system can make. The calls are identical to other device calls except for the device 
- n parameter, which here would specify the DISPLAY. 

Open Open a screen for the current process. 

Control Set mode or return status (see next section). 

Putc Output one character. 

Write Output a specified number of characters. 

Close _ Close screen to allow-another process to use. 



A special call is also defined to permit display access without control or ownership. 
*os irfE&by the OS when ihe devicrc^^ 
libraries for displaying warning messages. It is not normally used by an application per se. 
35 • Display Jo Generalize output or mode setting without ownership. 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 Best Available Copy 



PCTAJS97/15514 



56 

The functions done with a display control call, allowing modes to be set and status to 
be returned, are: 



10 



15 



CHECK_DEV_STATUS 

CLEAR_SCREEN 

CSR_OFF 

CSR_ON 

-CURSOR-HOME 



GET_DISPLAY_SIZE 
INSTALL_CHAR_SET 
MOVE_CSR 
RESET 

SETBACKLITE 

SET_CONTRAST 

SETSCREEN 

UNINSTALL_CHAR_SET 

WRAP_OFF 

WRAP ON 



Get the device's status. 

Clear the selected screen and set cursor home. 
Do not display cursor. 
Display cursor if option selected on open. 
-Set-cursor-to-top-Ieft-position in selected screen. 
Return selected screen's column and row size. 
Install a character set. 

Set cursor to requested spot in selected screen. 

Reset the display device. 

Set display's backlight to requested value. 

Get display's contrast to requested value. 

Set (select) a screen that this process opened. 

Uninstall a character set. 

Do not wrap a line to next line. 

If cursor at end of line, move to next line. 



20 The display object consists of the software display driver code that manipulates the 
hardware display device, or the display for short. The display is organized into rectangular 
sections called screens. A particular screen may encompass all or part of the display, and is 
defined when a process executes an open() display function. The entire display can be 
opened as one screen by: 
k-v~,- 25 open ( DISPLAY, NULLPTR, NULLPTR^);^^^— - 

A part of the display can be opened as a screen by supplying screen parameters: 
open ( DISPLAY, &screen _ptr, sizeof (screen_ptr ); 

30 .- - -• The screen parameters specify the starting screen coordinates on the display and the 
horizontal and vertical lengths of the screen, as well as optional amount of inter-spacing 
between columns and lines. 

ft^Sv ^§Fi^^^/?T^^^ - ****** 

open ( DISPLAY, &std_screen_config, NULLPTR ); 

35 
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More than one process may open a screen, and more that one screen may be opened 
by a particular process. However, there may be at most four screens and they may not 
overlap. 

Even though the display's dot resolution does not really permit different font styles 
5 (such as Times Roman or Courier) without using a large portion of the display, each screen 
can specify a different character set. 

Character sets are installed with a control function and are given a character set 
— index.-W-hen4nstalIed-they-specify-the-n 64K) and the first 

displayable character index, as well as horizontal and vertical pixel sizes, and the actual 
10 graphic characters themselves. To use an installed character set, you must open a screen with 
screen parameters and select the character set by its character set index. A character size can 
be defined to be 1x1, 128x32 (the entire screen), or anything in between. 

If the character set is larger than 256, each character is assumed to be two bytes 
instead of one, when a putc() or write() is executed. This can be done, for example, using 
1 5 Borland's wide character option. 

Two character sets are preferrably provided: the 5x9 and the 5x7 ASCII character 
sets. The first character set is index one and is the default for opening the display without 
parameters; the second character set is index two. Other character sets for other language or 
graphic sets and sizes can be added. There may be at most four additional character sets 
20 installed at any one time; however, a character set may be uninstalled and new one installed 
with control functions. Of course, the selected screen must be closed and re-opened to use a 
newly installed character set 

For the two provided characters sets, certain characters (Backspace, \b; Formfeed, \c; 
Newline \n; and Return, \r) are not displayed, but instead move the cursor backwards one 
25 position, home, heginningiofthe next Hnc,ioribeginning of the current line, respectively. 
Also, there are six special characters: up/down arrow ('\] *), up arrow ('\2'), down arrow 
CVT), left arrow (*\4'), right arrow OS 1 ), and arrow body block('\6'). The rest of the other 
non-printing characters are treated as spaces. 

Each screen is organized by columns and lines. Their maximum values are 
30 dependent on the character size and the inter-character spacing. The 5x7 character set, with 
one pixel spacing in both directions, allows a total of 84 characters (21 columns by 4 lines), 
while the 5x9 character set allows a total of 63 (21 columns by 3 lines), 
iass^^v.^ lifi£?Bdth column and Iine'itan"^^^ ; 

at one and go up to their respective maximum. The upper left position of any screen is 
35 always (1,1). 

Each time a character is output to the display, the positioning of the next character is 
adjusted. By default, the positioning is rightward one character, then to beginning of the next 
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line when at the end of a line, and finally to beginning of screen when at the end of the last 
line. If wrap is turned off, the positioning does not goes to the next line; instead it re- 
positions to the same character just displayed. 

Optionally, the cursor is display in the currently selected screen. For this to occur, a 
routine must be provided when the screen is opened. Then a control call is used to have it 
displayed. The cursor can be displayed as either a horizontal or vertical line, or both. The 
cursor can be positioned where it is displayed when the screen is opened. 
A-typieal-flow-of control through-the-display object-iras^follows: 



I Process zero initializes the display (display access) on start up. 

10 2. Process X opens a screen of the device (displayopen). 

3. Process X optionally executes control call (display_control). 

4. Process X calls an output function (display_write/display_putc) 
which places the data on display. 

5. Process X repeats step four and possibly step three until it displaying 
15 is completed. 

6. Process X closes the selected screen (display_close) to release it for 
use by other processes. 

7. During the same time frame, process X may do the same calls for 
using up to three more screens. Note that it will have to do step 3 to 

20 select an alternate screen. 

8. During the same time frame, processes A, B, and/or C may do the 
same calls. 

Some routines are only available for calls from other operating system objects, as 
well private calls within the display driver object itself, including Displayaccess and 
. 25 ^Rjsplgy^io. Each .c^th^sc fuaoions is briefly described below. 

Display_open 
Synopsis 

int disp!ay_open( int objectjd, struct dsp_parameters ♦sparm _ptr, 
Description 

u^^-ti*^^^ fc y o&jec-ykJi^ 

* clear any previous daiafand create a screen for the hardware display. If the 
35 designated portion of the display is free, the calling process owns the newly created 

screen, and a screen index (one through four) is returned; otherwise, an error is 
returned. 



40 



If the pointer sparm _ptr is NULLPTR, the entire display is assigned to the calling 
process. For this case, the default character set is 5x9 with one horizontal pixel 
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space between lines, and one vertical pixel space between columns (characters). This 
implies three lines of 21 columns each. Also the cursor option is not selected, so no 
cursor can be displayed. 

If the pointer sparm_ptr is not NULLPTR, the dsp_parameters structure pointed to 
by sparm _ptr specifies how the screen is to be defined (see below), and the length of 
the dsp_parameters structure is pointed to by splen_ptr. 

If the splenjrtr is NULLPTR, but sparm _ptr is not, then sparm jrtr is a pointer to an 
integer representing a standard configuration. Currently, there is one standard 
configuration, whose integer is one. If this is selected, two screen arc created: One 

^creen4s^uhe4op^sing-a4x-9-c^^^ 
lines, including an optional cursor, and one vertical space between columns. This 
screen has two lines of 21 columns each. The second screen is at the bottom, uses a 
5x7 character set with one horizontal space between lines and one vertical space 
between columns. This second screen has one line of 21 columns with the ability to 
display both a horizontal and vertical cursor 





Parameter 


Value 


Meaning 


20 


objected 


DISPLAY 


Specified object or device identification. 




sparm_ptr 


NULLPTR 


Opens the entire display as one screen. 




splen_ptr 


NULLPTR 


Implies opening of a standard screen. 




*sparm_ptr 


structure 


Display parameters structure for a screen. 




*splen_ptr 


Integer 


Length of display parameters structure. 


25 


*sparm_ptr 


Integer 


Open the entire display as two screens. 




splen_ptr 


NULLPTR 


Implies opening of a standard screen. 




Return 


Value 


Meaning 




return value 


integer 


Screen index used selecting screen in control(). 


30 




BAD.PARM 


Device screen overlaps or mismatch in size. 






BADJJSER 


Device screen owned by another 



35 



Display screen parameters 

The following structure defines the display parameters used to open a generalized 
screen for the display. 



1 



struct dsp_parameters 
{ 



40 



x "start _point 
int y_start_point 
int xjength 
int yjength 
int char set selection 



// X start coordinate (range:0^127~) 
// Y start coordinate ( range :0- 3 1 ) 

// X size of screen (range: 1-128) 

// Y size of screen (range: 1 - 32 ) 

// Char set select (range:0-user) 
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// default values: 1-5x7, 2-5x9 


int 


line space 


// Y inter-line space (range:0-127 ) 


int 
mi 


Vriuir opduc 


// w iijivi'ciioi apuwc y range*"- j \ i 


int 


line_cursor 


// line cursor option (range:0- 1 ) 


int 


char_cussor 


// char cursor option (range:0- 1 ) 


int 


line_cursor_space 


// line cursor space (range:0- 3 1 ) 


int 


char_cursor_space 


// char cursor space (rangc:0- 1 27) 



10 Display open example 

struct dsp_parameters s I _pararneters[] = 

{ 0, 0, 128, 24, 2, 2, I, TRUE, FALSE, 1,0}; 
struct dsp_parameters s2_parameters[] = 

{ 0, 24, 128, 8, I, 1, 1, TRUE, TRUE, 0, 0 }; 



15 



// 



void open_example() 
{ 

20 Uint size_spl = sizeof( s2_parameters ); 

Uint size_sp2 = sizeof( s2_parameters ); 



Uint screen_l; 
Uint screen_2; 
Uint screen_option = 1 ; 



30 



ti- 
ll 
II- 



Open entire display as one screen. 



open ( DISPLAY, NULLPTR, NULLPTR ); 



// 



35 



// 



40 



//. 

//Open entire display as two default screens. 



open ( DISPLAY, &screen_option, NULLPTR ); 
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// 



// 



61 

// Open the display (open main screen last for it to be selected). 

screen_2 = open( DISPLAY, s2_parameters, &size spl ); 
screenj = open( DISPLAY, si parameters, &sizej>p2 ); 



10 // Select screen 2 to do display within screen 2. 

//. . 



^ntrol(H3ISPbA-Y^ 



// — 



// Select screen 1 to do display within screen 1. 



control ( DISPLAY, SET_SCREEN, &screen_l, NULLPTR ); 



20 

// 

25 }; 

Display_control 
Synopsis 

int display_control( int objectjd, int function, void far *parm_ptr, 
30 void far *parm2_ptr ); 

Description 

Perform a function to set a mode or return a status. The control function for the 
device, represented bysthetobjectjd, is dene'possibly using parameters referenced 
35 via the pointers parm_ptr and parm2_ptr. 



40 



Parameter 

object_id 

function 



Value 
DISPLAY 

CHECK_DEV_STATUS 
CLEAR SCREEN 



CSR_OFF 
CSR~ON 

CURSOR_HOME 

GET_DISPLAY_SIZEt 

50 INSTALL CHARSETJ 

. MOVE_CSRJ 



Meanin g 

Specified object or device 

identification. 

Get the device's status. 

Clear the selected screen and set 

cursor home. 

Do not display cursor. 

p^a^cursor if option selected on. 

" Set cursor to topleft position in 
selected screen. 

Return selected screen's column 

and row size. 

Install a character set. 

Set cursor to requested spot in 

selected screen. 
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10 



RESET 

SET_BACKLITEf 

SET_CONTRASTt 

SET_SCREENf 

UNINSTALL CHAR SETf 

WRAP_OFF 

WRAP ON 



Reset the display device. 

Set display's backlight to requested 

value. 

Get display's contrast to requested 
value. 

Set (select) a screen that this 
process opened. 
Uninstall a character set. 
Do not wrap a line to next line. 
If cursor at end of line, move to 
next line. 



Requires parm_ptr to not be a NULLPTR, see below. 

X Requires both parm_ptr and parm2_ptr to not be NULLPTR, see below. 



IS 



20 



25 



30 



35 



Parameter 
parm_ptr 



parm2_ptr 



For Function 

GET_DISPLAY_SIZE 

INSTALLCHAR_SET 

MOVE_CSR 

SET.BACKLITE 

SET.CONSTRAST 

SETSCREEN 

UNI NSTALL_CHAR_SET 

All other functions 

GET_D1SPLAY_S1ZE 

INSTALL_CHAR_SET 

MQVE^QS^ 

All other functions 



Value and Meaning 

Pointer to integer to return max. 

columns. 

Pointer to char array of a character 
set. 

Pointer to integer number of 
columns value. 

Pointer to integer backlight value.; 
Pointer to integer contrast value. 
Pointer to integer screen index from 
open(). 

Pointer to integer of a character set 
index. 

Pointer set to NULLPTR. 

Pointer to integer to return 
maximum lines. 

Pointer to integer of character set 
size. 

Pointer to integer number of lines 
value. 

Pointer set to NULLPTR. 



40 



Return For Function 

return value INSTALL CHAR SET 



Value and Meaning 
Character set index to use in an 
open screen. 



For all other functions without error an OK implies function completed without 
error. For all functions with error BAD_USER, this means a non-owner is trying to use a 
45 screen. For all functions with errorB^6_CMD, this means illegal function or parameters. 

New character set install example 



50 



The first step is to define a character array for the character set; see example below. 
The first five bytes define its characteristics: the number of characters in the 
characters set, the first legal index, and the character size in pixels. For the example 
below, there is just one character (an *S*). You must specified two bytes for the 
length, the least significant byte first. The first legal index is 83 (0x53) because that 



SUBSTITUTE SHEET (RULE 26) 



WO 98/10368 Best Ava i| ab | e Copy 



PCT/US97/15514 



10 



63 

is the value of an ASCII 4 S\ Of course, you could change the *S' value to zero and 
set the first legal index also to zero. Finally, the size of a character is six pixels wide 
and ten pixels long. 

After this, the character set is specified. Because the display hardware outputs bytes 
vertically, the characters must be rotated 90 degrees clockwise. Also, due to how 
memory is accessed, the most significant byte must stored in memory first. In this 
example, the bytes must be swapped. Note: A possible future project will be to 
automate the generation of user defined character sets. 

Once the array has been generated, execute the following control call to install the 

-character-set- ; 



15 



20 



char^setjndex = control( DISPLAY, 1NSTALL_CHAR_SET, 
dsp_char_set_special, 

sizeof ( dsp_char_set_special ) ); 

Then execute an open command to use the special character set within the selected 
screen. 

display_parameters.char_set_selection = char_set_index; 

open( DISPLAY, &display_parameters, sizeof( display_parameters ) ); 



25 character set example 



30 
35 
40 
45 



50 



chardsp char set special[] = 
{ 

1 , //=DSP_MAX_CHARACTERS & OxFF, //Low byte of # characters 

in set. 

0, //=DSP_MAX_CH ARACTERS / Ox 1 00 //High byte of # characters 

in set. 

83//=DSP_FIRST_CHARJNDEX, //First legal character code 

index. 

6, //=DSP_CHAR_X_SIZE, //Horizontal char size in 

pixels. 

10//=DSP CHAR Y SIZE, //Vertical char size in 

• SS'WW'-V- War- — — ~ pixels ~*z*!L&{Ssycr^-~-- 



Character set values: 

Characters rotated 90 degrees | Chars rotated | Characters as they 
clockwise and bytes swapped.| 90 degrees. | appear on display. 



55 }; 



0x8E,0x00, // 10001 110b,0b| 
0x11,0x01, // 00010001b,lb| 
0x11,0x01, // 000)000lb,lb| 

.•^^^JsOk0U%rPP01000!Wbj • 
S**ig^-0*E2,0x00, // ill000l0b,0b| 

// I 

ft I 

// I 

// I 



AM 



010001 110b | 011 10b 

100010001b I 10001b 

100010001b | 10000b 
!0,00i0119 : l^j_1.0000b^ 

01 i 100010b I 011 10b 

| 00001b 

| 00001b 

| 10001b 

| 011 10b 



.*-_-: 
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Display_putc 
Synopsis 

int display__putc( int objectjd, char ch ); 



10 



Description 

Output one character, ch, to the device, represented as objectjd. The calling 
process is never blocked. 



Parameter Value 

objected DISPLAY 
ch character 



Meaning 

Specified object or device identification. 
Character to be output. 



15 



20 



Return 



Value 
OK 

BAD USER 



Meaning 

Function completed without error 
Non-owner attempting to use the screen. 



Display_write 
Synopsis 

int display^ write ( int objectjd , char far *buffer, int count ); 



25 



30 



Description 



Write the count characters from buffer to the device, represented as objectjd. Once 
the function returns, the buffer may be reused. The calling process is never blocked. 



Parameter 

objectjd 

buffer 

count 



V alue 

DISPLAY 

pointer 

integer 



Meaning 

Specified object or device identification. 
Pointer to buffer of characters to be written. 
Number of characters to be written. 



35 



fietuin 

return value 



Value 
OK 

BAD USER 
BAD~CMD 



Meaning 

Function completed without error 
Non-owner attempting to use the screen. 
Count is less than zero or more characters 
than screen can hold. 



9» y$«KfciX*. -S^svsTy*?-.*. 



Display_close 
40 Synopsis 

int display j:lose ( int objectjd ); 



Description 



45 



Releases control of the currently selected screen, represented by the object id, that 
was previously opened by the calling process. This portion of the display is available 
as a portion of a screen that may be opened by a process for its use. 
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Parameter Value 

object jd DISPLAY 

Return Value 

return value OK 

BAD USER 



Meaning 

Specified object or device identification. 

Meaning 

Function completed without error. 
Non-owner attempting to close screen. 



10 



Displays ccess 
Synopsis 

int huge dis play^access ( int objectid, int fcttype ); 



Description 

The protected display_access() function is used to indicate that the object, 
15 represented by the object id, exists or to initially construct the display object by 

allocating and initializing the display DCB. The particular function is determined by 
fct_type. 



20 



25 



Parameter 

objected 
fctjype 



Value 
DISPLAY 
OBJ_EXISTS 
OBJ CONSTRUCT 



Return Value 

return value OK 

BAD USER 



Meaning 

Specified object or device identification. 
Request for device object's existence. 
Request to construct the device object. 

Meaning 

Function completed without error. 
Non-null process trying to construct device. 



Displayjo 
30 Synopsis 

void huge displayjo ( int parameter ); 

Applications 

Various applications will be developed for use with the POS terminal of the present 
35 invention. For example network applications will be developed such as retail/restaurant 
applications on VISANET, GPS, and NOVUS. These applications will include standard 
credit, debit,, and check authorization capabilities, along with an American Express Plural 
Interface Processing (PIP) option. A single application will support retail and restaurant 
functionality. In some embodiments to save on memory, different application files will be 
40 used for Ihe^gatSvvayTiaiN -workstation, ahd'sta£Euibne enyironif^SS^ne* userTnterface 
will be essentially the same in all configurations and on all networks. Preferably the 
applications will be developed using object oriented programming. Additional applications 
might include storing and transporting applications on a smart card, storing and transporting 
a batch file, and diagnostics. Applications are preferably loaded in 64K blocks due to flash 
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requirements. Multiple applications might also run together on the POS terminal including 
such applications as: Credit/debit card application; Electronic purse application; Frequent 
shopper application; Check guarantee application; Customer survey; EBT program; 
specialized transactions such as Petroleum card applications; etc. There would probably be 
5 only 2-3 of the above applications used at once, but the list indicates some possibilities. 
Each application would likely communicate to a different host. 

Multiple applications might also include different functions requested by a customer. 
For cxamplertheTustomer could choo^e~ffoTh~tKe"fdllowing functions: 
I . Visa/MasterCard acceptance 
10 2. American Express acceptance 

3. Check guarantee 

4. ECR integration 

The same host may process for all these functions, but it eliminates the need to 
15 control multiple applications with different combinations of features. 

Security 

The core unit with all module configurations can be used for PIN entry by the 
consumer. It will support DES and public key for encryption of secure data and handle 
Unique Key Per Transaction and Message Authentication (MAC). 

20 

There are several levels of security available: 

• Basic security- Single processor, no tamper detection or bonding 

• Tamper detection switches-One switch that detects when top enclosure is separated 
from the main board and another switch that detects when the bottom enclosure or 

25 "trap door^isiopened. -!f cithxr ofrthe switches are activated, the operating system 

will clear all required memory. 

• Bonding-Ultrasonic bonding provides tamper evidence if someone tries to open up 
the case. The core unit can be bonded to the PIN pad cable module. The core unit 
cannot be bonded to the other communication modules. 

30 • Second processor-A Dallas 5002 chip is added to handle security functions. All 
encryption keys are held securely in this chip and cannot be accessed by the 80C186 
application processor. All communication from the keypad and display is handled 

be downloaded separately from each other. If tampering is detected, the Dallas 5002 
35 memory is immediately deleted and the O/S will not allow the application to run. 

The security processor option is appropriate if a private key is needed for PIN 
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encryption or for software downloads. The second IC reader can also be used for 
this purpose. 

The second processor option will generally be used with the tamper switch and 
bonding options. Two daughter board configurations will be available for the higher security 
5 options: One configuration will have tamper detection logic, the other will have both tamper 
detection and the second processor. 

Once a tamper switch has been activated, the service organization will have to reload 

— applications-and-keys-before re-deploying-the unit. If the unit was bonded, this would need 

to go back to the factory (or Service organization if they have bonding equipment). 
10 It is recommended that applications put all secure information (ie. keys) in SRAM 

rather than flash. Since tamper detection does not protect against re-downloading a 
"dummy" application, MACing is used for PIN pad applications. A "trap door" in the core 
unit bottom cover will allow the tamper detection switches, security processor, or additional 
memory to be added after initial assembly. It will have an optional privacy shield that can 
15 snap on around keypad area. 

The way the PIN pad conceals an entered PIN is through encrypting it. Encryption 
takes normal readable data called plain text (or clear text) and scrambles it into an 
unreadable form called cipher text The process of converting cipher text back into its 
original plain text is called decryption. The encrypted PIN is secure from an attacker 
20 because they are unable to read it. Many algorithms can be designed for encrypting text. 

An encryption algorithm may be written that transposes each character by one (i.e. 
V becomes V and *b* becomes *c\ etc.). This algorithm relies on the secrecy of its method 
for its security. If an attacker knows that every character gets transposed by one, they can 
determine the plain text. 

25 .sfc^^fc^Other slecriijims-canrberrwritten that combine data, called a key, with the plain text 
in such a way as to produce cipher text. One such algorithm may exclusive-OR the plain text 
with the key to produce the cipher text. The method of encrypting the data may be provided 
to the public (i.e. XOR the data with key), but if they do not know the key, they will be 
unable to learn the plain text. Algorithms that depend on the secrecy of a key are more 

30 -secure than those that depend on the secrecyof the algorithm itself. 

The Data Encryption Standard (DES) algorithm is one such algorithm. DES has 
become the standard encryption scheme in the banking community. This algorithm requires 
*M«*-^L^a^^ Generally the So^bT^ls^^&l^fi^ 

bit (8 byte) key with the extra bits indicating the parity of the individual bytes. This 

35 document will refer to all keys as has having 64 bits, although the DES algorithm will only 
make use of 56 of the bits. The DES algorithm encrypts 64 bits of data at a time. 
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The DES algorithm's security is only as good as the security of the key. Key 
management describes the system used in distributing and maintaining keys. The more often 
a key is changed the less likely that an attacker could discover the key, and if they had, the 
less information they would have access to. Both the sender and the receiver must know the 
5 same key in order to decrypt (or encrypt) the transmitted data. The transfer of the key 
between parties must be done in a secure environment. If the key is changed often this can 
be a problem. 

_ The~basic~DES~a^ ways or modes. The two 

modes used by the PIN pad are Electronic Code Book (ECB) mode and Cipher Block 
10 Chaining (CBC) mode. In ECB mode, the DES algorithm is used to encrypt or decrypt each 

individual block of data. This is similar to looking up the cipher text form of a block of plain 

text in a code book. PIN encryption uses ECB mode. 

CBC mode, on the other hand, takes all of the data and computes, in essence, a 

cipher text checksum. This is useful to protect the integrity of the data. An attacker is still 
15 able to read data but may not alter it without the cipher text checksum, or Message 

Authentication Code (MAC), changing. The new MAC can only be calculated if the key is 

known. The MAC is used to provide some measure of security in knowing that an unaltered 

application has been loaded into the terminal. 

The DES algorithm encrypts 64 bits of data using a 64 bit (only 56 bits of which are 
20 used) key. The DES algorithm is design so that the same algorithm is used for both 

encryption and decryption. The DES algorithm requires frequent bit manipulations. The 

DES engine functions available for use include: 

int sec_des_decrypt (Uchar key_id, Des_Data far *buf) 
.^Q^j^ssa^-^ **Ehe sec_des_decrypt function decrypts the data passed in the Des^SaUPBuf^wiili it*r*** a * a ** m * 1 '* 

key injected earlier and identified as key_id. The decrypted data replaces the data in 
buf. The data in buf is treated as binary 8 byte data and no conversion is performed. 
The keyjd parameter is a number between 0 and 31, APP_MA STER_KEY, 
APP_WORKING_KEY, or VISAJ5UKPTJCEY. It specifies which key is used to 
30 - decrypt the data. A key must have been submitted-to this key-id before the 

sec_des_decrypt function is called or else an error is returned. The process will be 
blocked if security is being used by another process. The buf parameter is a pointer 

bufferlo^^ 

byte binary result is placed in this buffer. 

35 

sec_des_decrypt returns the following: 
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Return Meaning 

OK Operation completed successfully 

IN VALID JD keyjd is out of range 

KEY_NOT_LOADED key _id has not been loaded with sec key submitf) 

INVAL1D.PARAM Pointer to buf is NULL ~ " 

OVER 1 MILLION Over one million DUKPT keys have been generated 



int sec_des_encrypt (Uchar keyjd, Des_Data far *bu0 

The sec_des_encrypt function encrypts the data passed in the Des_Data buf, with the 

-10 key-ijijeGted-earlier-and-identified-as-key r id— T-he-e^ j n 

buf. The data in buf is treated as binary 8 byte data and no conversion is performed. 
The keyjd parameter is a number between 0 and 31, APPJvl ASTER KEY, 
APP_WORKJNG_KEY, or V1SA_DUKPTJCEY. It specifies which key is used to 
encrypt the data. A key must have been submitted to this keyjd before the 

15 sec_des_encrypt function is called or else an error is returned. The process will be 

blocked if security is being used by another process. The buf parameter is a pointer 
to a structure containing a buffer for the 8 byte binary data to be encrypted. The 8 
byte binary result is placed in this buffer. 



20 



25 



sec_des_encrypt returns the following: 

Return Meaning 

OK Operation completed successfully 

INVALIDED keyjd is out of range 

KEY_NOT_LOADED key~id has not been loaded with sec_key_submit() 
INVALID J>ARAM Pointer to buf is NULL 

OVER1 MILLION Over one million DUKPT keys have been generated 



30 



35 



Applications can use the public encrypt and decrypt functions which in turn call the private 
functions which encrypt or decrypt the data. j^^aots^^ -~ 

The Message Authentication Code (MAC) is used to verify the integrity of a series 
of data. Applications downloaded to the terminal are verified using the MAC. If the MAC 
that the terminal calculates does not match the MAC sent in the application, the application 
is cleared. The MAC function may be used to insure the integrity of any set of data. Some 
..of the available MAC functions include:. . 



int secjnacjlata (Uchar keyjd, char far *bufj>tr, int len, Des_Data far ♦macjrtr) 



40 



The secjfcac^torfunfcticn^^ *&s=*> 
keyjd to MAC the data. The function will MAC len bytes of the data contained in 
the buffer pointed to by bufjrtr. The 8 bytes of data in macjrtr are used as the 
initial MAC value when calculating the MAC. The MAC of the len of buf _ptr 
replaces the initial MAC value in macjrtr. In this way, data may be MAC'd over 
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several calls to sec_mac_data. The first call will pass macj>tr containing zeros (or 
some other initial value). Subsequent calls to sec_mac_data then continue the 
generation of the MAC by passing the MAC from the previous sec_mac_data call in 
mac_ptr. The keyjd parameter determines which key is used when MACing data. 

5 The process will be blocked if the security functions are being used by another 

process. The buf_ptr parameter is a pointer to a buffer containing the data to be 
MACd. The data will be treated as binary when MAC'd. The len parameter defines 
thrnumbenotfi^ operates in 

8 byte increments. If the length is not divisible by 8, the remainder will be filled 

10 with zero before that block is MAC'd. Care must be taken if the original MAC was 

not calculated in this manner also. Note: the application may still pad the data in a 
different manner and pass the data in multiples of 8 bytes to sec_mac_data. The 
mac_ptr parameter is a pointer to a structure containing a buffer that will contain the 
accumulated MAC. The accumulated MAC is combined with the passed data and 

15 encrypted to create a new accumulated MAC which replaces the one passed. The 

MAC should be initialized to zero to begin MAC-ing. The result is in 8 byte binary 
format. 



Sec_mac_data returns the following: 



20 



Return Meaning 

OK Operation completed successfully 

INVALID JD The specified key ID is not valid 

KEY_NOTJLOADED The key specified has not been loaded using 

25 sec_key_submit 

INVALID_PARAM Either the bufjrtr parameter or the mac _ptr 
^i^^ramgter is a^LLglS^. 

The sec_mac_data function is initially called with the mac_ptr parameter pointing to 
a structure containing zeros. This is the initial accumulated MAC. After each call the new 

30 accumulated MAC will be written into the mac_ptr parameter. The application is 
responsible for ensuring that the current accumulated MAC is passed to the function for 
updating with each call. The accumulated MAC is the resultant MAC after all MACing has 
been completed. This MAC may be compared to the MAC calculated when the data was 
originally MAC'd. If they are different then the data has been corrupted. The MAC 

35 -c^iksvti^ if iiie-MAC y^^s^s, 

does not equal the MAC originally generated then the application will be erased. 

The security of the DES algorithm is only as strong as the security of its keys. To 
limit the probability of a key being discovered it is best to change keys often. This presents 
a problem in that both parties must agree and know what key to use. Several key 

40 management schemes are in use by PIN pads. These are: Fixed Transaction Keys, Master 
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Key/Transaction Keys, Derived Unique Key Per Transaction (DUKPT), and Non-Reversibly 
Transformed Unique Key Per Transaction. 

In Fixed key management, only one key is used. This key must be injected into the 
terminal in a secure environment. This is the simplest method, but the most risky. Should 
5 an attacker discover the key, all is lost. 

Master Key/Transaction Key (MK/TK) management uses several keys. One key is 
injected into the terminal in a secure environment. This key is the Master key. Other keys 

-may4hcn4>e4njeeted4nto-the4e^ 

the Master key first. When the terminal receives these keys they are decrypted with the 
10 Master key to obtain the actual plain text key. The Master key may also be called a key 
encrypting key or KEK. This two stage method allows the transaction keys (or working 
keys) to be changed regularly. 

The application MAC keys have been pre-defined to follow the MK/TK 
management method. The application master key (AMK) must be injected in the clear. The 
15 application working key (AWK) is encrypted with the AMK and its encrypted form is 
injected into the PIN pad. The plain text AWK is used to MAC the application. 

DUKPT management changes the key after every transaction. An initial key is 
injected into the terminal along with Security Management Information Data (SMID) in a 
secure environment. The SMID contains the ID of the terminal, a key set ID % and a 
20 transaction counter. The initial key is assigned by a third party and is derived from the key 
set ID and the terminal ID encrypted with a base key not known to the terminal. The 
DUKPT method uses the initial key and the transaction counter to generate the current key. 
This method allows for 1 million different keys to be used. After I million keys have been 
generated (i.e. 1 million transactions), the PIN Pad initial key must be reloaded. Each key 
25 generat^pjg^e^nojnfo or of future keys. These means that if an 

attacker were to learn the current key they would only have access to one transaction. 

Non-Reversibly Transformed UKPT also changes the key after every transaction. 
This method uses data from the transaction itself to create the new key. Because of this both 
parties must keep a record of the history of transactions in order to determine the current 
30 key. This requires a lot of overhead and is usually not used because of this. 

The security functions will support 32 keys that can be used in either fixed key or 
MK/TK mode by the application. The keys are referred to by key IDs 0 through 31. In 
*:su^a^^ purposes. The^R^SfmywP^ 9 ^^^ 

key (AMK) is used as the master key for the application working key (AWK). The AWK is 
35 used for calculating the MAC for applications that are downloaded into the PIN pad. The 
DUKPT management mode also has its own key. These pre-assigned keys have a key ID 
that is not in the range of 0 to 3 1 . 
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Doubling the length of the keys to 16 binary hexadecimal bytes increases the 
security. The security functions will accept either double length or single length keys. To 
provide for maximum flexibility, no structure has been defined for the 32 keys that can be 
stored. The key structure can be determined by the application when the keys are submitted. 
5 When submitting a key, the key is assigned a key ID which is the number of the key 
submitted (0 to 31). In addition the key may have a KEK assigned to it. These means that 
the application can have a single level of keys, or a multiple level (Fixed Key or MK/TK), or 
"any combination. The only restrictiorTislhe number of key storage areas (IDs) available. 

If a KEK is changed, all keys that depend on that key are cleared. In other words, if 
10 the Master key is changed, then all Transactions keys that were encrypted with that Master 
key are erased. This also applies to the AMK and AWK. In addition, if either the AMK or 
the AWK is changed, the application will be cleared. 

The keys must be stored in OS data memory (i.e. independent from the application). 
The stored keys must be erased if the terminal is tampered with. An array of key flags will 
15 also be stored. These flags will indicate whether or not the key has been injected and also 
whether or not it is a double length key. These flags can be used to review the status of the 
loaded keys. The flag byte is defined as follows: 

Bit 7 - Set if the key has been loaded 

20 Bit 6 - Set if the key is double length ( 1 6 bytes) 

Bits 0-5 - Set to the KEK ID for the key. 

A director menu option will allow the user to see which keys have been loaded. The 
function called by the director will use the key flags to determine their status. Several key 
management functions will be available, including: 

25 

s»r«K . . ..-**r^7».m*,j nt S ec_get_information (struct securityjnfo ♦sec_info_ptr t Uint si^izSP* — 

The secjjetjnformation function fills the passed securityjnfo structure with 
information on the current state of the security functions. The struct securityjnfo is 
defined as follows: 

30 

// This is the structure for holding security information. 



struct securityjnfo { 

^m^^MW^^f^^ e ^ar keyjritbt32]; *c*^^ 

35 Uchar awkjnfo; 

Uchar amkjnfo; 

Uchar dukpt_key; 

char dukptjtatus; 

char keyjngmntjnode; 

40 char serial_num[!7]; 

}; 
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The keyinfo array contains the key flags described above. 
sec_get_information returns a status. 

5 Return Meaning 

OK The structure was loaded successfully 

SYSERR The pointer to the structure was a NULLPTR 

int-sec— key^lear-fUehar-key-id)- 

The scc_key_clear function erases the security key with the given ID. Any keys 
having the keyjd as a KJEK is recursively cleared also. The keyjd parameter 
specifies which key to clear. The keyjd may be a number from 0 to 3 1 . Note that 
the application master and working keys (IDs APP_MASTER_KEY and 
APP_WORKING_KEY) cannot be cleared. The process will be blocked if the 
security functions are being used by another process. 



10 



15 



sec_key_clear returns a status. 
Return Meaning 

OK Key management mode change complete. 
20 INVALIDJD Invalid key ID was given. 



25 



30 



35 



int sec_key_set jngmnt_mode (enum mgmnt modes mode) 

Sets the security key management mode to be used by the PIN pad. This function is 
not used internally but the flag is needed by some applications and is included here 
for compatibility with the MEPPA application. The mode parameter selects what 
key management mode to use. The enumerated type is defined as follows: 

enum mgmnt jnodes {FIXED_KEY_MODE, MK TK_KEY_MODE, 
VISAJJKPT_MODE, KEYED_MK_TK_MODEf 



Where: 



FIXED_KEY_MODE Fixed key mode 

MK_TK_KEY_MODE Master key/Transaction key mode 

VISAJJKPT>10DE VISA unique key per transaction mode 

KEYED_MK_TK_MODE Keyed Master key/Transaction key mode 

sec_key_set_mgmnt_mode returns a status. 



40 



OK "Key management mode "changecompleter 



int sec_key_submit (Uchar keyjd, Uchar kekjd, char far *key_data) 

The sec_key_submit function saves the given key information under the passed key 
ID. This function also associates a key with its key encryption key (KEK). This 
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function must be performed before any functions requiring a key ID are performed. 
The key_id parameter determines under which key ID the key information is stored. 
Valid numbers are 0 through 31. In addition, the APP_MASTER_KEY or 
APP_WORKJNG_KEY may be specified. The process will be blocked if the 
5 security functions are being used by another process. The kek_id parameter defines 

the key ID of the key encryption key to be used to decrypt the key being submitted. 
If no key encryption key is required, NOJCEK should be used. The key encryption 
key^musrhave~been~submitted before a key, using it as a key encryption key, is 
submitted. The key_data parameter is a pointer to a NULL terminated siring 

10 containing the ASCII hex key data. The string length must be 16 or 32 characters 

(single or double length). Note: Any keys which were previously submitted with 
key_id as a kekjd are cleared from memory. If the APP_MASTER_KEY is 
submitted, the application and all other keys are cleared from memory after this 
operation. The kekjd parameter is ignored for the A PP_M A STER_KEY and 

15 A PP_WORKING_KE Y keys. Defaulting to the NOJCEK for the 

APP_WORKJNG_KEY and AWK for the APPJMASTER_KEY. 

secjcey_submit returns the following: 

20 Return Meaning 

OK Key was successfully submitted. 

INVALJDJCEY The length of the key is not 16 or 32 characters. 

INVALIDED The key_id or4cek_id parameter is out of range. 

KEY_NOT_LOADED The key encryption key has not been loaded. 

25 

int sec_serial_num_submit(char *ser_num_ptr) 
^=^5s»:«5^-Sets • the serial- number-stored in security_dcb. This function is included for ^-wfcssiaspa^ 
compatibility with 290E applications. The ser_num_ptr parameter is a pointer to a 
NULL terminated ASCII string containing the serial number. The serial number 
30 may be up to 1 6 digits in length. 

sec_serial_num_submit returns a status. 

Return Meaning 
OK Serial number was updated. 

35 SYSERR The length of passed security number is too large. 

The sec_key_submit function is used to inject keys at any time. 
The DUKPT management mode changes the key used to encrypt the PIN after every 
transaction. The key ID and the terminal ID along with a transaction counter are used to 
40 generate each key. The transaction counter will allow up to 1 million transactions before the 
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initial key must be reloaded. Only one DUKPT initial key is allowed to be in use at a time. 
Some DUKPT functions are: 

void sec_dukpt_clear (void) 
5 Clears and resets the derived unique key per transaction security functions. The 

DUKPT functions must be re-initialized before the V1SA_DUKPT_KEY is used. 
The process will be blocked if the security functions are being used by another 

process. 

int secdukptinit (Uchar keyid, char far *init_kcy, Smid^Data far *smid) 
10 The sec_dukptjnit function initializes the Derived Unique Key Per Transaction 

(DUKPT) key management system by internally storing the initial key, the key serial 
number (SM1D) and resetting the DUKPT transaction counter. The key_id 
parameter is used to select which method is used. Currently, only VISA DUKPT is 
supported and the parameter must be set to VISA_DUKPT_KEY. The process will 
15 be blocked if the security functions are being used by another process. The initjcey 

parameter is a pointer to a NULL terminated ASCII hex string containing the 16 
character initial key to be used (only single length keys are valid). The smid 
parameter is a pointer to a NULL terminated ASCII hex string containing the 20 
character key serial number (SMID) to be used. Leading v Fs must be pre-pended to 
20 pad the SMID to 20 characters. 



sec_dukpt_init returns the following: 

Return Meaning 
25 OK DUKPT system initialized correctly 

1NVALIDJCEY The initial key is invalid 

. *w a TWVALID_SMID The smid parameter is invalid 

IN VALID JD Unsupported DUKPT type 



30 



int sec_dukpt_smid (Smid_Data far *buff) 

The sec_dukpt_smid function returns the current SMID, and calculates a new 
derived unique key per transaction SMID and key. This function is used to 
increment the transaction counter. The process will be blocked if the security 
functions are being used by another process. The buff parameter is a pointer to a 
McturtTcSntaining a buffer IhiilriEftKEtraff^ 

ASCII NULL terminated string containing the SMID, pre-padded with T' if 
necessary. 



40 



sec_dukpt_smid returns the following: 
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Return Meaning 
OK Completed successfully 



KEY_NOT LOADED 



INVALID PA RAM 



OVER I MILLION 



The DUKPT system has not been initialized with 
the sec_dukpt_init function. 
The DUKPT system has encrypted more than 1 
million transactions and must be re-initialized 
Buff pointer passed is a NULLPTR 



10 



15 



20 



To use DUKPT, the initial key must be injected using the sec_dukpt_init function. 
This resets the transaction counter and stores the initial key and SMID. Next the encrypt 
function is used as normal. To update the transaction counter the sec_dukpt smid function 
must be used. This will also return the SMID used for the encrypt just performed (before the 
transaction counter was updated). This SMID should be sent along with the encrypted data 
to the host. 

SmidJData is a structure defined as follows: 
// This is the data structure for SMID Data. 

typedef struct { 

char data[21]; 
} Smid_Data; 

The PIN entered by the customer is not just encrypted on its own. The entered PIN 
(4 to 12 digits) is expanded into a 64 bit block as follows: 
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The two blocks are exclusive OR'd together and encrypted using DES in ECB mode. The 
result is the encrypted PIN block. The PIN security functions include: 

int scc_PIN_encrypt (PinJData far *p_data) 
5 The sec_PIN_encrypt function encrypts the PIN data using the account number 

passed in the Pin_Data structure. The encrypted PIN is stored in the PlN_block 
array in the PinJData structure. The process will be blocked if the security functions 

are being used by another process. The p^data parameter is a pointer to a Pin_Data 

structure defined as follows: 



10 



// This is the data structure for encrypt PIN. 
// PINblock will be returned for all keys. 
// smid will be filled for DUKPT keys. 
// All strings arc NULL terminated ASCII either numeric 
15 //or hex. 

typedef struct { 

Uchar key; //Encryption key number 

char acct[20]; //ASCII Account*, no check 

20 // digit 

char PIN[13]; //ASCII PIN number 

char PlN_block[ 1 7]; //ASCII The encrypted PIN 

// block 

char smid [21 ]; //ASCII hex key serial number 
25 } Pin_Data; 

sec_PIN_encrypt returns the following: 

Return Meaning 
30 OK PIN encrypted successfully 

OVER1 MILLION Over 1 million encryptions have been processed by 
the DUKPT system. DUKPT must be re- 
-&£uz-,tt&*~-~ - • -.>^*~- - v iffltialized. 

KEY_NOT_LOADED Specified key has not been loaded with 
35 sec_key_submit() 

INVALID_PARAM P_data pointer passed does contain valid data 

Sec_PIN_encrypt requires the entered PIN and the account number before it can be 
used. Care must be taken to not leave the PIN in the clear in memory. The sec_PIN_encrypt 
40 function will clear the PIN entry in the structure but the user must be sure that it is cleared 
else where. 

c^^-isaps 51 ^^" -r ^s prefsired^m bpdypentuei£^ processor. ThTis^e^uirity^ ***** ^^S* : 

code and the application code will reside in the same processor. The application will have 
the ability to display any message that is desired and to receive any key presses the customer 
45 enters. This opens up the possibility for an application to prompt the customer to enter a PIN 
and to then pass the entered PIN on to an attacker in the clear. The only way to prevent this 
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is to verify that the application does not contain any rogue code that might do this. Once the 
code has been proven to be valid and 'clean 1 , it must be MAC'd so that it would be obvious 
if it was tampered with after approval The terminal must insure that the application it 
receives has the proper MAC and therefore is a valid application before the application is 
5 initiated. 

The terminal will assume that a security breach will not originate from the 
application (after all, the application has been MAC'd indicating that it will not breach the 
security). This must be assumed as there is always a chance that the application could 
access/alter critical pans of the OS even with extensive firewalling, as they both reside in the 
10 same processor. 

The downloader on the terminal will MAC incoming application data. It is critical 
that this always takes place. The downloader can then clear the application if its MAC is not 
valid. 

When the downloader receives the EDIR it will store the MAC contained in the 
15 extended download information record (EDIR) and then initialize the MAC routines using 
the sec_mac_data function with the APP_WORKING_KEY ID and an accumulated mac of 
all zeroes. Each record the downloader receives will be MAC'd using the sec_mac_data 
function with the accumulated mac. Upon completion of the download the downloader will 
compare the accumulated MAC against the MAC received in the EDIR. If they do not 
20 match, the application is cleared. Otherwise downloading completes as normal. The data is 
MAC'd in its compressed form. The MAC does not include the EDIR or the NDCB packet 
headers. 

The terminal preferrably will initially only have the default AMK and AWK keys 
loaded. By having default application master key (AMK) and application working key 

25 (AWK), the user may download applications without dealing with the AMK and AWK while* 

still having a terminal secure from casual application downloading. Should more security be 
needed, the AMK and AWK may be changed by the user. 

The first keys injected into the terminal must be injected in the clear (plain text) in a 
secure area. This needs to be done before an application has been loaded into the terminal, 
30 so that the key is independent from the application. At minimum the capability of injecting 
the AMK and AWK before the application must exist. 

Keys injected in the clear are normally injected using a key loading device (KLD). 

When the Inject Keys option is selected, the seckeyjnject function will be called. The 
35 function will then monitor the director selected port for messages from a KLD (or similar) 
device at standard baud rates with 7 bits, even parity, one start bit, and one stop bit. Once the 
first keys have been injected, the application can take over the injecting of further keys. The 
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keys injected by the application normally will have been encrypted using one of the keys 
first injected into the terminal and not in the clear. 

The application will have access to the following functions which will be included in 
the bridge. These functions arc described in detail above. 

int secedes ^decrypt (Uchar key_id % Des_Data far *buf) 
int sec_des_encrypt (Uchar keyjd, Des_Data far *buf) 

void sec_dukpt_clear (void) 

int sec_dukpt_init (Uchar keyjd, char far *init_key, Smid Data far *smid) 
int secdukptsmid (Smid^Data far *buff) 



3fc~ :- • .. .v-^w 



int sec_key_clear (Uchar key_id) 

int seckeysetmgmntmode (enum mgmnt_modes mode) 
1 5 int sec_key_submit (Uchar keyjd, Uchar kekjd, char far *key_data) 

int sec_mac_data (Uchar kcyjd, char far *buff, int len, Des_Data far *mac) 

int sec_get_information (struct securityjnfo *sec_info_ptr, unsigned int si size) 
20 int sec_serial_num_submit (char *ser_num_ptr) 

int sec_PIN_encrypt (Pin_Data far *p_data) 

The security class or object must include several operating system support functions. 
25 These functions support the object interaction in the operating system. These functions 
include the following. 

void secjceyjnject (void) 

This function will be called by the director inject Keys' menu option. The Inject 
30 Keys menu option will be under the parameters option in the director. This Inject 

Keys option may be password protected. When calied, ihr?uncfion will operate aV^ * : 
described in the Key Injection section above. 



void sec_key_display_status (void) 
35 The sec_key_display_status function is also called from the director. This menu 

option will be under the diagnostics menu. It indicates which keys have been loaded 
into the terminal on the display. 




40 A PC Utility will support full downloads of applications and parameters. Downloads 

will be supported over phone lines, locally, or over the LAN. The PC Utility can also 
download the operating system, since it is stored in flash ROM. The O/S and software 
should support download of the application when required, initiated by either the host or the 
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terminal (gateway if on LAN). The application can request this download to occur. If no 
application is loaded, a terminal operator would have to manually start the download through 
the director. Remote download of a typical application file (256K) should take within 15 
minutes (compression will be used to reduce download time). A communication module 
5 having ISDN capability or utilizing a diskette might be used for large downloads. These 
approaches will be looked at more closely if customers begin moving toward higher memory 
configurations. 

IbeJPCJJtiiLt^^ pad 

module. It might support common key systems such as DUKPT, Master Key, Session Key, 
10 Fixed Key. A preferred embodiment of the invention also supports RACAL. 

For secure downloading of an application, MACing is used. A specific encryption 
key for MACing is stored in the POS terminal or PIN pad module. The same key is used 
when downloading an application to create a MAC value. When a new application is 
downloaded, the MAC value is compared against the MAC key received in the EDIR to 
15 ensure that the code did not change during transmission and that the application was sent by 
an approved source. 

EXEMPLARY USER ENVIRONMENTS 
The modular POS terminal allows for many different uses in different user 
20 environments. A few of these different user environments will now be discussed. It will be 
appreciated that the environments are purely exemplary and are not intended to be construed 
as a limitation on the field of use of the invention. 

I . PIN Pad Module — Electronic Cash Register (ECR) Integrated 
25 In this environment as illustrated ^Figure 1 1 A, the POSjerminal includes a core 

unit 30 which interconnects with a PIN pad module 148. The POS terminal is operatively 
connected to an electronic cash register 170 (ECR) which has electronic funds transfer (EFT) 
software and handles all host communication. The POS terminal connects to the ECR 170 
through an appropriate ECR interface such as an RS485 interface (IBM 4680 tailgate), an 
30 RS232 interface (most other ECRs), etc. A retail clerk operates the ECR 170. The sale 
amount is transferred to the POS terminal for display on the POS terminal to the customer. 
The customer confirms the sale amount, selects payment type, and enters his/her PIN on the 
- key pa^Qf^f^^ - - : 

35 2. Local Area Network (LAN) 

As illustrated in Figure 1 IB, multiple POS terminals are interconnected as 
workstations in a LAN environment with one of the POS terminals functioning as a gateway 
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terminal 172 for external communications with a remote host. The POS terminal 
workstations each include a core unit 30, a communications module 100, and an external 
printer 174. It will be appreciated that only the POS terminal used as the gateway 172 needs 
a communications module equipped with a modem PCB. An externa) PIN pad might be 
5 used for convenience. 

The aforementioned environment is used for multi-lane environments with POS 
terminals networked together and when ECR integration is not needed. The POS terminal 

workstations-indifferent lanes have no modem or communications module but communicate 

with a remote host through a POS terminal which has a communications module including a 

10 modem and serves as the gateway terminal. A POS terminal with its PIN pad module is 

clerk activated and may be passed to the customer for PIN entry or an optional PIN pad may 
be used. Magnetic stripe or integrated circuit (IC) cards can be read. The gateway POS 
terminal 1 72 provides external communications with an external host for verification of any 
transactions conducted. The external printer 174 is typically attached for added printing 

15 capability such as higher speed printing. 

3. LAN--ECR semi-integrated 

As illustrated in Figure 1 IC in a variation of the above environment, the POS 
terminals interface to an ECR 1 70 for transfer of sale amount and use of the ECR printer. 
20 Host communication is still handled by the POS terminal functioning as the gateway 

terminal 172. In this environment, no external printer is required since the ECR printer is 
used, although additional external printers might be utilized. 

A plurality of the POS terminals might be connected to each other in a local area 
network (LAN). The ECR might be connected either directly to a POS terminal or through 
25 the local network conlr<^lej^y/h?ch communicates with the networked POS terminals via one 
of the POS terminals which serves as a network gateway. 

4. POS Terminal Offline 

Figure 1 ID illustrates an environment in which there is no access to telephone lines. 
30 In this environment, the POS terminal includes a core unit 30, a communications module 100 
with battery pack 176 as a power source, a second IC card reader incorporated within the 
communications module 100, and a charging stand (not shown). An integrated printer 108 is 

trtffiSSctions are done (ie. out^^^^^ 1 ^^ 
food stands, newspaper stands, buses, flea markets). These environments need portability 
35 and cannot access phone lines. The merchant does not need to do authorization online 
because of small transaction amounts and use of integrated circuit (IC) cards. This 
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configuration might be used in other environments simply because of the unreliability of the 
telecommunications systems. 

Transactions may be stored in a second IC card ("retailer card") or in POS terminal 
memory for later transfer to a host. PINs may or may not be used in this environment. The 
5 clerk enters the sale amount, then hands the device to the customer for inserting his/her card 
and PIN entry if any. 

5. POS Terminal Online 



10 



Illustrated in Figure 1 IE is an environment where the POS terminal is used online. 
In this environment, the POS Terminal includes a core unit 30, a standard communication 
module 100 including modem, and integrated printer 108. Optional elements are an external 
high speed printer as opposed to an integrated printer, an external PIN pad, and a second 
IC/smart card reader. When IC cards are used as bank cards or for larger electronic purse 
transactions, online authorization is needed periodically; i.e., when the transaction exceeds a 
1 5 certain amount or number of times used daily. This is advantageous when IC cards are used 
in conjunction with magstripe cards for bank cards. The POS terminal does not need to be 
portable in many retail sites where placed at point of sale. The clerk enters sale amount on 
the POS terminal and then gives the customer the POS terminal for card insert and PIN entry 
on the key pad of the POS Terminal, or an external PIN pad can be attached when preferred. 
20 A second IC card reader can be used to store keys and encrypt data sent to the host. 

6. POS Terminal Online-ECR semi-integrated 

Figure 1 IF illustrates the same user environment as shown in Figure 1 IE except the 
POS terminal interfaces to an ECR 1 70 for transfer of sale amount and receipt printing by 
25 e3rI% *fJ£?' * l \ ^Ig^^S*}? 1 * is stin handled by the POS terminal. In this environment, 
the POS terminal includes a core unit 30 and a standard communications module 100. This 
environment is typical with older ECRs that can't handle EFT or when the retail operator 
chooses to separate the EFT function from the ECR and have it handled by the POS terminal. 



30 7. POS Terminal-Online IC Terminal/Portable 

As illustrated in Figure 1 1G, in this environment the POS terminal includes a core 
unit 30, a portable communications module 100 with wireless communication capability 
^ss^-was^^ charging stand (no^^^^t^iii^rmSS^?^:^^ 

printer is optional. This environment requires portability in addition to the ability to handle 
35 large transaction amounts which require periodic online authorization. Typical 

environments would be restaurants, temporary retail sites, arenas, etc. For example, orders 
might be taken and paid for while a person is standing in line waiting for their food. 
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It is to be understood, that even though numerous characteristics and advantages of 
the invention have been set forth in the foregoing description, together with details of the 
structure and function of the invention, the disclosure is illustrative only, and changes may 
be made in detail, especially in matters of shape, size, and arrangement of the parts within 
5 the principles of the invention to the full extent indicated by the broad general meaning of 
the terms in which the appended claims arc expressed. 
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WHAT IS CLAIMED IS: 

1 . A terminal apparatus, comprising: 
a core unit including; 
5 a processor and associated memory, 

a keypad for inputting data, and 

a display operatively interconnected to the processor for displaying 

data; 



a communications module attachable to a bottom surface of the core unit; 

10 and 

the core unit and the communications module being interconnected by an 
electrical. bus enabling control of the communications module by the processor of the core 
unit, the core unit being interchangeable with various communications modules. 



1 5 2. An apparatus in accordance with claim 1, wherein the communication 

module includes a modem apparatus, the modem apparatus enabling communication with a 
remote host. 

3. An apparatus in accordance with claim 1 , wherein the communication 
20 module includes a network interface communication board enabling a plurality of the core 
units and their associated communication modules to be interconnected in a local area 
network arrangement. 



3. An apparatus in accordance with claim 3, wherein at least one of the 
^^^^^ | 25 plurality of communication modules interconnected m^thejq^^ 

include a modem apparatus, the modem apparatus enabling communication with a remote 
host. 



4. An apparatus in accordance with claim I, wherein the communication 
30 module includes a removable integral printer whereby information can be printed, the 

integral printer being electrically interconnected to the processor of the core unit by the 
electrical bus. 

5. An apparatus in accordance with claim 1 , wherein the communication 

35 module includes an electrical connection for interconnection to a device selected from the 
group consisting of: an electronic cash register, check reader, computer, external printer, 
modem, cash drawer, and biometric devices. 
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6. An apparatus in accordance with claim I , wherein the communication 
module is electrically interconnected to a battery pack. 



5 



7. 



An apparatus in accordance with claim I , wherein the core unit includes a 



magnetic stripe reader. 



8. 



An apparatus in accordance with claim 7, wherein the core unit includes a 



smart card reader. 



10 



9. An apparatus in accordance with claim 8, wherein the core unit includes a 
PIN pad module for entry of a user's PIN during a transaction. 

10. An apparatus in accordance with claim 1 , wherein the core unit includes a 
15 first electrical bus connector projecting from its bottom surface and the communication 

module includes a second electrical bus connector projecting from its top surface, the first 
and second electrical bus connectors mechanically and electrically connecting to one another 
to provide an electrical bus from the processor of the core unit to electrical components in 
the communication module, the core unit and communication module being attached to one 
20 another by removable fasteners. 



user's PIN during a transaction, 

a display displaying information, 

a magstripe reader for reading an encoded magstripe on a card, the 
magstripe reader being disposed proximate one side of the core unit, 



35 connector projecting therefrom and electrically interconnectable to the electrical bus 
connector of the core unit so as to create an electrical bus between the core unit and the 
communication module, the communication module including communication control 



25 



11. A POS modular terminal apparatus, comprising: 
a core unit including; 

a processor and associated memory, 
- a k e y^?d4isp_osed o r n,a top.surfac.e^ofcthe.core unit for entry of a 



30 
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circuitry for interfacing with the processor of the core unit by way of the electrical bus, the 
communication control circuitry being electrically connected to electrical components in the 
communication module so as to allow control thereover by the processor of the core unit, the 
communication module being interchangeably connected to the bottom surface of the core 
5 unit by fasteners whereby the core unit may be interchangeably connected to different 
communication modules, the communication module providing power to the core unit. 

12. An apparatus in accordance with claim 1 1, wherein time division 
multiplexing (TDM) communication protocol is used to communicate between the processor 
of the core unit and the communication circuitry of the communication module. 



10 



1.3. A terminal apparatus, comprising: 
a processor and associated memory; 

a keypad, operatively coupled to the processor, for inputting data to the 
15 associated memory; 

a display, operatively coupled to the processor, for displaying data; 
a communications module; and 

a time division multiplex (TDM) bus operatively coupled between the 
processor and communications module to enable control of the communications module by 
20 the processor, the TDM bus having at least two different data transfer rate channels 
multiplexed together in a frame. 

14. A terminal apparatus, comprising: 
a display for displaying data; 

a processor and associated memory, operatively coupled to the display and 
keypad, for processing application program functions in accordance with an operating 
system display driver which allows a first application program to exclusively control 
displayed elements within a first portion of the display and a second application program to 
30 exclusively control displayed elements within a second portion of the display. 
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